IBM API Management: End-to-end demo, Part 1


Welcome everybody. This is Soloman and I’m going to be covering
many short videos that talk about the API Management tooling from IBM and setting up
some environments, some APIs that we’re going to be using later, and what I’m planning to
do in this video is define a RESTful API in the WebSphere Application Server Liberty profile. We’ll go through the creation of one and then
after that, we will expose that RESTful API that’s defined in WebSphere, inside the API
Management solution that IBM offers. And lastly, I will go ahead and create a simple
mobile application using Worklight and use that Worklight solution to simply call that
API, and throughout, obviously, we are going to define things. I will show you the benefit of APIs, which
a lot of it you’re going to see yourself just from watching the video, but also you will
get to understand some of things you can control, like how many calls happen, how many calls
per minute, for example, you’re allowed to have, how to define different plans to have
different control over each one of these plans, gold or silver. The plan right now, and we may make some changes
as we go into this application, but my plan right now is to define an organization or
a company, and I’m going to call it Soloman World Bank. And for within that organization, the plan
is I will create multiple plans, one is a gold plan and the other one is a silver plan. The gold plan will have unlimited access to
all calls to these APIs and the silver plan, we’ll work on defining a smaller subset, maybe
five calls a minute, and the purpose of this is to show you how the API Management can
control that. Along the way, we will show you everything
that you need, so literally this video will help you get set up with API Management and
also get you to understand, end to end, how it can not only define these APIs but also
how to get to use them from outside of the API Management solution. So the first thing we’re going to do here
is, I am logging onto the cloud management console, which is the console that allows
you to manage the APIs that you have and we’ll take a look at it, there are three portals
you’re going to have to deal with. One is the client or cloud management console,
think of it as the admin console. The second one is the API portal, which is
where you define your APIs and you get to even test them using some of the ability that
the API Management allows you to do, which is to invoke them from within just for test
purposes. And lastly we will look at the last portal
which will allow you to define applications, and those applications is when you start using
these APIs and basically exposing them, whether publicly or whether you want to expose them
with a client ID and client secret to kind of control it so you can basically sell those
APIs. But before I begin I would like to kind of
give a quick overview, in my opinion, of why APIs are important, not only in terms of control
for your organization now, but also as a correct way of doing programming and coding and writing
organizations in the future. In a nutshell, and again most of this you
will see yourself just by showing you the demo that I’m doing, but the APIs become very
very helpful for you when it comes to being able to have control over your enterprise. And don’t think of APIs as things that you
want to do only to expose publicly where you’re trying to for example make some money to sell
those APIs, because there are different kinds of APIs. There are the APIs that you expose publicly
that you’re not interested in making money out of. You got the APIs that you want to expose publicly
and actually do make money off of them. You provide some sort of a service that you
want to charge money for. And you got also internal APIs, so we can’t
necessarily always look at APIs as something where people are interested in exposing outside
their organization. There are certain things you might want to
do internally within your organization just for control purposes. You want to be able to expose some of your
APIs and be able to define multiple versions of them for example. And be able to know are they still being used
or not. In a lot of instances, people assume that
if I expose an API, sometimes people mistakenly think it’s easy to find out who’s calling
my APIs, and that might be the case in a smaller organization, but when we’re talking about
a big organization that becomes very very difficult. So this will kind of allow you internally
to expose these APIs so you can understand exactly whether these, if you’re planning
to move APIs for example or change direction, whether the APIs you are exposing are being
indeed used or not, because you could easily look at the graphs and look at what the API
Management gives you from statistics on the existing APIs that are being used. And of course you can put controls in place
to allow certain people in the organization to access versus none and so on and so forth. The assumption I’m making here is that you
have the API Management software installed and set up. I’m going to also in later videos — like
I mentioned, this is going to be one of three or four videos that we’re going to do — and
I will switch after I define the environment for my API, I will go ahead and switch to
show you how I’m going to develop a simple REST API in WebSphere Application Server and
just test it to make sure it works fine. And then call that API from within the API
Management. And lastly I will go ahead and show you how
I can define a Worklight simple application that basically calls that API that I define
in the WebSphere Application Server but I am exposing from within the API Management. So even though I am running on my one system
here for illustration purposes, you will see that I am going to be running one Eclipse
environment for the Worklight, so I assume it’s one system, and I’m going to be running
another Eclipse environment that has the WebSphere Application Server Liberty profile running
inside of it, so that’s another environment. And lastly of course I have a couple of JVMs,
a couple of virtual machines I should say, one for API Management and one for DataPower
and that kind of puts all that stuff together. So let’s get started here by logging into
the API Management and I will start with the API Management user ID and password for the
cloud management console. As this one gets loaded up you will see there
is the home, which is where you get connected to, and this gives you some information about
the machines from a CPU, memory and disk perspective, and of course on the gateway which in this
case is DataPower, which is where this is running against. If we look at the setting, this will give
you the cluster settings, in my case of course I am only running with a single, I am not
running in a cluster gateway because this is just for test purposes and for demonstration
purposes. And then the next one. Next I’m going to show you the next item,
and the next item is the organizations and think of this as the companies that you create. So in my case the organization is going to
be the Soloman World Bank, that’s the example that I’m going to be creating, which I’m going
to define one API, maybe we’ll expand on this in the future but for the purpose of the first
couple of videos the API will be to return the interest rate. That’s what the API is going to do. And lastly is the setting, and this is something
that you have to do and if you look at the setting, particularly the most important item
in the setting is to set the email, and that’s where you define basically the hostname or
the SMTP server that you want to use. Now why this is critical is that when you
add any users, these users will have to get validated, hence an email is going to be sent
out to that user’s email address that you add, by which they have to accept the invitation. So it is critical that you set the email settings
in this area. I happen to be, my email account is in gmail
and I use the gmail SMTP, which you could use the same values by the way for the host
name and port. Obviously for the user name you use your own. To make sure that things are working appropriately
after you save it, make sure that you do a test of the configuration and confirm that
you do receive an email. If you do not get the email means something
is wrong and you need to make sure that you address this issue, as it’s the most critical
issue to be addressed before you can do anything. Let’s get started. The first I want to do obviously is, I want
to go ahead and create my company. So I go to the organization, again I am in
the first GUI that we talked about, and that’s the cloud console. I go into the organization and I click the
add, and I define my organization in here, or my company, and in this case it’s going
to be Soloman World Bank. And I just want to create a short path for
it and that’s what’s going to show up when you have the url linked to it, and I’m going
to call it SWB and that’s the url for it. I guess it tells me it has to be lower case,
so let’s just go ahead and do it in lower case, and from an owner perspective obviously
I don’t have any existing users, this is a fresh installation, so I’m just going to
go ahead and create a new user and that’s when I’m going to send an email address,
and in this case it’s going to be my email address. So I just created this user and, as I mentioned
earlier, the reason why I said it was critical for you to set up the settings, the email,
because an email now is sent to my gmail account to confirm that I indeed am the owner of this
particular organization, and that it’s not an incorrect email address that somebody is
trying to use my name for. So I will go ahead and accept it. I’m going to stop the recording for a second
here, go ahead and accept the invitation and I’ll be right back. So as you see in here in my gmail account
I received an email saying that I have been invited to this API Management and that I
should click this link to validate. And once I click the link it’s going to take
me to the API Management portal to actually enter my information for that email address
as the owner of this particular organization. So in here I’m going to put my first name,
last name, and I’m going to define my password and then I’m going to sign up. I forgot one extra point, after I added the
email address, before I have gone to accept it, I should have actually done the add button
which I did not do, so now once I do this, I can go back in here, and at this point I
have my account validated and created. So now I’m going to go ahead, now I’m going
to the API Manager portal and I’m going to sign up as the owner of this particular organization
which this is the email address. Again I accepted the invitation and I was
asked to enter the user ID and password and I have done all that and I would like to sign
in. And as you can see in here right now, this
is the view of what I have and this is the second portal that we talked about. So I talked about the first one being the
cloud management console, the second one is the one that I will be able to define the
particular APIs that I want to use, and as you see this is my organization. I could have one or more organizations. Think of it as if I am doing this for my internal
teams. I will have one that’s called Soloman World
Bank, another one that’s called, let’s say, Component X APIs, or whatever it is that
you want to do. And this is the actual owner or that’s myself,
as you see in here I could manage the profile, change the password, or sign out. So let me walk you through what each one of
these things mean. The home is what shows you the statistics
about the APIs that you have. By default you have the sandbox plan, which
is the one that you define things under, I should say environment. And as you see it gives you the five most
active APIs. Of course I have not defined any APIs so therefore
the graphs are empty at this point. We’ll go next to the next item, which is the
plans and the plans are what I mentioned earlier, is when you want to define a gold versus silver,
and we’ll come back to it in a second, but this is where you define a plan that you can
specify for example. If you want to put any restriction and how
many calls are going to take place on any of those particular APIs, you have the ability
to define them per minute, per hour, per day. Or make it unlimited. Even when you do the restriction, you have
the ability to have the restrictions such that you receive an email, which is a soft
restriction, versus a hard restriction, which is where the actual API call would be rejected. And that’s easy to do, it’s just literally
a matter of clicking a couple of buttons here and we’re going to see that as we define my
interest rate API that I’m going to be using. The next one is for the actual APIs and as
you see you can define different kind of APIs, you can define REST APIs or you can define
SOAP based APIs. In this particular example, we are going to
define a REST API because that’s the API that I am going to be using, that I’m going to
be defining in the WebSphere Application Server Liberty profile environment which I will show
you in the second video, and then we’re going to connect the two together. Again, the purpose of this video basically
to just define the basics and then going to talk about all the pieces of the API Management. Of course, we’ll get to the deploy too and
what this means, and draft APIs as we talk about further about the example that I’m going
to be covering in this demo. The next section is the consumers. Consumers is, basically, now that you have
an API defined, that you have a plan defined you want to find, understand who has the capability
to access it. Sometimes you might want to make the API public,
as in I just want to know who you are but I don’t have any restriction on who can use
it. In other instances, you might want that user
to set up an account so you can start charging them money for the usage of the APIs, so you
actually want it to be restricted to certain people. And of course when you have gold versus silver
versus bronze or whatever it is plans that you define, you need to make sure that you
allow only certain people to whatever plan that you have. The next one after the consumers is going
to be the analytics. And as you see, the analytics is the one that
gives you more statistics about the APIs. The response time, the number of calls that
happen, as you see it’s a lot of information that we will get to as I define the API and
start using it. Under the users, as you see, these are the
users that we do define and currently I have Soloman as the owner. For simplicity of this test here, and since
I don’t have too many email addresses that I can use, I’m just going to play the role
of multiple roles, I will be wearing multiple hats, so I’m going to be the administrator
also and I’m going to be the product manager and I’m going to be the developer. And typically those are different organizations
and different people would be doing different things, and that’s how you can control it
and break into who has access to the admin, to be able to do the actual changes, versus
who has access to the product management side of the house to control the business and the
usage, versus the developer who is going to be defining these APIs. We’ll go onto the next one and this is the
user registries and you can define one or more registries, it’s up to you how you want
to break them down. When you look at the last one, I think that
would become more clear, so when you define the environments you can have one registry,
like in this case, sandbox is the default one that is created by the admin and this
registry I can put all my users in one, or you can do it such that you can have one registry
so you’re not mixing the users. You have developers, or development, environment,
and you have sandbox environment which is the same as development I guess, and you have
a production environment, and you can even have internal environment versus external
ones, it’s up to you what you want to define. And you can define certain users so that you
are keeping your internal APIs to your internal users and your external ones to your external
users, so this is kind of the level of control that you have. In this particular instance I am not going
into create a lot of user registries, I am just going to keep this same user registry
that’s here. And last but not least, I’m going to go ahead
and look at the environments, and as you see in here there is the sandbox environment that
was created and I can define a new environment which I will show you right now. And in this environment I’m going to call
this one the production environment, and I will make that one restricted such that nobody
can go in there without prior approval. And from a path perspective I’m going to create
the path to be this, say, prod, as just, you’ll see what that means in a minute, this will
be actually part of the url when you do define it or customize it. So let’s go ahead and click add for this particular
environment and now I have it. Just to give you an example, if you click
on customize portal, before I get to this, let me first show you one item quickly. As you see, here is the url to access that
particular environment. It’s the gateway that I get to and as you
see that the prod, which is what I use for the url past segment, it’s going to show up
here. So SWB is the Soloman World Bank slash prod
which is the environment that I’m running. I can edit it of course. And of course you can also customize it, as
you see in here I could customize it to do different things. So if the API, I want it to have a different
API gateway, for example, I could change it from prod into something else if I decide
that’s what’s going to make sense. There’s the marketing message, there are the
colors that you can do or the background. You can add the terms and conditions, for
example, “by using this API you agree to the Soloman World Bank Ts and Cs.” And as you see in here, I will show when we
try to accept it, how things look up when we do such configuration, and this is really
it and beyond that it’s just a matter of saving it. Of course, let me just go back and just add
one more comment. So for the marketing image, for example in
this case, this is what’s going to show up when I, Soloman, as end user, try to look
at your APIs, and in your case you might want to have your own logo, so maybe I’ll add a
Soloman World Bank logo. As a matter of fact, maybe I’ll do this later,
I don’t have the time to do it at this point for this video. But this kind of gives you an idea of what
this is all about and how you can customize your portal, the ones customers see, to your
benefit. With that, that will come to the end of the
first video and the next video, like I mentioned, I am going to use this basic configuration
that I have right now and I will take it to create the Soloman World Bank API, and then
of course eventually I’m going to introduce you to the third portal. We covered the Smart Cloud console and we
covered the API Manager developer portal which is the one that we’re looking at right now. And of course, lastly, is the one that you
create the application that exists within your organization by which you define the
APIs and you can add any of the security requirements that you may have.

Leave a Reply

Your email address will not be published. Required fields are marked *