Monday, January 1, 2018

How to manage external/internal gateways and store with single publisher - WSO2 API Manager

External API stores are usually used only for advertising purposes. If users need to consume an API, they have to come back to the original store and subscribe there. As we see it, your requirement is slightly different from that.

Let me explain how most of our users handle API usability for internal and external users. I'm sure these external and internal users reside in different user groups. If that is the case, we can map them to different user roles and then restrict the visibility of each API to only the required group. For example, if we have an API which exposes sensitive information, we can set the visibility of that API to the internal_role role. Only users with the internal_role role can then see that API; external users will not be able to see it or subscribe to it.

In terms of deployment, API Store nodes will be deployed both inside the corporate network and outside it, pointing to the same database. Based on the logged-in user, the store shows them the right APIs. This solution assumes the same data is shared between the external and internal deployments.

Here are the exact steps we need to follow:
01. Create 2 different roles for internal and external users (named internal and external).
02. Deploy API Manager internal and external gateways and configure the publisher to publish to them selectively.
03. The store can also be deployed internally and externally, pointing to the same databases.
04. To create an internal-only API, create the API with visibility limited to the internal role. Then publish this API to the internal gateway.
When an internal user logs into the internal API store, they will see the API and can consume it (as they have the internal role).
When an external user logs into the external API store, they will not see the above API and cannot use it. If they try to access the API from the external gateway, that will also fail, as the API is not deployed there.
05. To create an internal/external API, create the API with visibility limited to both the internal and external roles. Then publish this API to both the internal and external gateways.
When an external user logs into the external API store, they will see the API and can consume it (as they have the external role).
When an internal user logs into the internal API store, they will see the above API and can use it. If they try to access the API from the external gateway, that will also work, as the API is deployed there.
06. To create an external-only API, create the API with visibility limited to the external role. Then publish this API to the external gateway.
When an external user logs into the external API store, they will see the API and can consume it (as they have the external role).
When an internal user logs into the internal API store, they will not see the above API and cannot use it. If they try to access the API from the internal gateway, that will also fail, as the API is not deployed there.
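The two controls in steps 04 to 06 (role-based visibility in the store, selective publishing to gateways) only protect an API when they agree with each other. The following is an added example, not WSO2 code: a small Python model of the rules above that builds the visibility/reachability matrix and flags any API whose gateway deployment is wider or narrower than its visibility. The API names, gateway names and the role-to-gateway mapping are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed mapping taken from the steps above: each role has one "home" gateway.
ROLE_GATEWAY = {"internal": "internal-gw", "external": "external-gw"}

@dataclass(frozen=True)
class Api:
    name: str
    visible_to: frozenset   # roles set under restricted visibility
    gateways: frozenset     # gateways the publisher deployed the API to

def visible_in_store(api, user_roles):
    """Store listing and subscription need at least one visibility role."""
    return bool(api.visible_to & set(user_roles))

def reachable(api, gateway):
    """A gateway can only serve APIs that were published to it."""
    return gateway in api.gateways

def audit(api):
    """Return findings where gateway deployment and visibility disagree."""
    expected = {ROLE_GATEWAY[r] for r in api.visible_to}
    findings = []
    for gw in sorted(api.gateways - expected):
        findings.append(f"{api.name}: deployed to {gw} but no role for that gateway can see it")
    for gw in sorted(expected - api.gateways):
        findings.append(f"{api.name}: visible to a role whose gateway {gw} lacks the API")
    return findings

# Constructed sample catalogue: steps 04-06 plus one deliberate mistake (payroll).
CATALOGUE = [
    Api("hr-records", frozenset({"internal"}), frozenset({"internal-gw"})),
    Api("order-status", frozenset({"internal", "external"}),
        frozenset({"internal-gw", "external-gw"})),
    Api("partner-feed", frozenset({"external"}), frozenset({"external-gw"})),
    Api("payroll", frozenset({"internal"}), frozenset({"internal-gw", "external-gw"})),
]

def matrix(catalogue=CATALOGUE):
    """Per API and role: (visible in that role's store, served by that role's gateway)."""
    return {
        api.name: {role: (visible_in_store(api, [role]), reachable(api, gw))
                   for role, gw in ROLE_GATEWAY.items()}
        for api in catalogue
    }

if __name__ == "__main__":
    for name, row in matrix().items():
        print(name, row)
    for api in CATALOGUE:
        for finding in audit(api):
            print("FINDING:", finding)
```

The payroll entry shows the case worth checking for: an internal-only API that is hidden in the external store but still deployed on the external gateway, so only one of the two controls is in effect.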