In this post i will explain how small and medium size organizations can expose their APIs to outside world using WSO2 products. Also we will explain how we can expose services combining existing services and newly implemented services. For this solution i will use API Manager, Identity Server, Enterprise Service Bus and Data Services Server.
Please see below deployment diagram.
- The main product used for integration purposes would be the Enterprise Service Bus. This would be responsible to carry out the system to system integration scenarios across the various systems. All heavy mediation logics should happen at this layer. Also service chaining, implement API facade pattern, message aggregation should happen at this layer. To achieve high availability we may need ESB cluster for this. External and internal service integration will happen at this layer and expose composite service to API Management layer.
- The Identity Server product is needed in the solution if advanced security requirements such as user authentication and permission validation etc. Also we may consider having Identity server as key Manager for API Manager. Then all token validation/ introspection happens with Identity Server nodes.
- WSO2 API Manager will be used to expose all services to outside as APIs and apply quality of services for API. All authentication, throttling and QoS application happens at this layer. To have clear separation between components we would like to suggest separate clusters for gateway workers, store/publisher, gateway managers and key managers. Then based on the system load we can scale each component without scaling all components and can achieve high availability as well.
- WSO2 Data Services Server augments service-oriented architecture development efforts by providing an easy-to-use platform for integrating data stores, creating composite data views, and hosting data services. This product will be used to expose organization data to external world as services.