Creating Custom Policies for Oracle API Platform Cloud Service

Much has been written on RedThunder.blog about the Oracle API Platform Cloud Service. In this blog, I am going to get into the advanced topic of Custom Policies. You would start exploring this area when the built-in policies do not cover your use case. The power and ease of implementing Custom Policies, I believe, is a killer value proposition of this platform.

Before we proceed, it would helpful to understand the backend technology of what the API Platform is built on. API Platform built-on the heritage of the sturdy and scalable WebLogic server.

There are 3 components:

  • Management Portal – Used to create and manage APIs. This is an application hosted in WebLogic server, utilising WebLogic for clustering and scaling. Oracle hosts and manages this in our Public Cloud and automates the whole installation process, so you just have a make a few clicks to provision it. The Management Portal is the brains of the API Platform, registering Gateways and deploying and publishing APIs to the Gateways and Developer Portal. You can access all its functions through REST API.
  • Gateway Node – Holds the run-time of the API. This is based on the Oracle Communications Service Gatekeeper (OCSG) from our telco-grade suite of products. Built-on WebLogic, the Gateway Nodes can be installed on any platform on-premise or in the Cloud (e.g. Amazon, Azure, Oracle). It is packaged as a zip file downloaded from the Management Portal itself. Once installed, the Gateway calls home to the Management Server to register itself. It pulls APIs and the policies associated with it from the Cloud once they are deployed. Gateways forms a logical cluster for HA purposes, so you deploy once and the APIs propagate to all the nodes in the cluster.

The Gateway Install zip also hosts the necessary code nuggets for customisation.

  • Developer Portal – Used for developers to review documentation and subscribe to APIs. Also an application, this is by default hosted in the same WebLogic Server as the Management Portal. If you wish to run another Developer Portal, let’s say on-premise or customise it, you can extract the Developer Portal war from the Gateway Server install zip and host it in another WebLogic server.

Now coming to Custom Policies, they are essentially Java-code packaged as war files. The Gateway Install zip holds the code nuggets necessary to generate a Policy Stub. It also holds the necessary libraries aka Policy SDK (matching the version of the Gateway server) to compile against.

Continue reading “Creating Custom Policies for Oracle API Platform Cloud Service”

Teaching How to use Terraform to automate Provisioning of Oracle API Platform

Previously, I showed how to use Terraform and PSM CLI to spin up a “Build Server” and use it to provision Oracle Integration Cloud (OIC) environments. You can find this blog here.

In this blog I am going to show you how to do the same, but to provision Oracle API Platform environments.

The approach that I will be following is the same:

Continue reading “Teaching How to use Terraform to automate Provisioning of Oracle API Platform”

‘API life Cycle is invalid!’ Error for Oracle API CS API’s

Hi, just thought to post the solution for this error, when I hit this error, searched all over internet couldn’t find any specific blog describing possible cause of getting this error while invoking an API.

Let me give some background. I have created an API using Oracle API Platform Management Portal and when I tried invoking that API using google postman tool I was getting below error –

postmane

This was a silly mistake but worth highlighting. When we create API definition in API Management portal there is tab page “API Implementation” which has configuration field “API Request” where we need to define the API endpoint URL where consumer of this API will send input request. While I was declaring that portion I have given this URL “api/medrec”.

Continue reading “‘API life Cycle is invalid!’ Error for Oracle API CS API’s”

Oracle API Platform Cloud Service – Installation Steps of Gateway Node

In this blog I am going to document the Oracle API Platform Gateway Node (Version : 18.1.3) Installation steps which is one of the critical components of API Platform Cloud Service.

Oracle provides API Platform Cloud Service as a foundation product for API Management that comprises the Full API Lifecycle, encompassing the complete API Design & Documentation, API Security, Discovery & Consumption, Monetization, and Analysis etc.

Oracle API Platform comprises 3 major components as stated below to serve specific purpose-

Management Portal – This is used to create and manage APIs, deploy APIs to gateways, and manage gateways, and create and manage applications. You can also manage and Deploy APIs and manage gateways with the REST API.

Developer Portal – Application developers subscribe to APIs and get the necessary information to invoke them from this portal.

Gateway Node  – This is the security and access control run-time layer for APIs. Each API is deployed to a gateway node from the Management Portal or via the REST API.

In addition to above, Oracle also offer Oracle Apiary to quickly design, prototype, document and test APIs.

Below is the high level architecture diagram of API Platform.

Continue reading “Oracle API Platform Cloud Service – Installation Steps of Gateway Node”

Teaching How to use Oracle Load Balancer as a Service (LBaaS) to front end your APIs

In this blog, I am going to show you how to configure Oracle Load Balancer as a Service (LBaaS) to proxy/redirect traffic into multiple APIs. For the sake of this example, I am going to point to running APIs hosted on my Oracle API Gateway, as well as running on a 3rd party Cloud provider. However, you can use Oracle LBaaS to proxy traffic to any HTTP or HTTPS endpoint(s).

In this example, I am going to consume an existing API that I built some time ago that when invoked returns a random joke. In order to test it in high availability mode, I am also going to configure yet another “jokes” API that will serve as a redundant backend endpoint/API.

This is the high-level view of how Oracle LBaaS can easily enable multiple proxy/redirections to backend APIs hosted across various places:

Continue reading “Teaching How to use Oracle Load Balancer as a Service (LBaaS) to front end your APIs”

Teaching how Oracle Integration Cloud (OIC) simplifies Application Integration, Process Automation and API Management

In this blog I am going to show you three new capabilities introduced in Oracle Integration Cloud (OIC) that massively simplify the enablement of Application integration with extensions to Business Process Automation workflows and finally how to expose all of that as secured APIs via the Oracle API Gateway.

These three new capabilities are:

  1. Call your Process Cloud Service (PCS) workflows from an Integration Cloud Service (ICS) orchestration.
  2. Call your ICS integrations from a PCS business process.
  3. Expose your ICS integrations as APIs into the Oracle API Gateway

Our scenario is simple, it is an incident management extension, that requires some human intervention to manage service requests.

To be specific, let’s assume the following components:

  • We need to extend Oracle Service Cloud out-of-the box incident Management functionality with a custom business process automation. For this, Oracle Integration Cloud Service (ICS) will seamlessly listen/subscribe to events in Oracle Service Cloud and when a new Service Requests gets created, it will pass it on into Oracle Process Cloud Service (PCS) to manage the Human interventions.
  • PCS starts a new workflow and it redirects the various tasks to the appropriate task owners for approvals/rejections.
  • As the PCS workflow runs across the various human interventions, PCS keeps updating the Service Request status into Service Cloud (via ICS) to determine whether it is invalid and needs to be rectified or it is in progress until completion.
  • Finally, if we determine that this Incident Management extension workflow could become a reusable asset among other use cases, we can simply go to the ICS integration that triggers the PCS workflow and expose it as an API to be deployed and run into the Oracle API Gateway.

This is a high-level view:

Continue reading “Teaching how Oracle Integration Cloud (OIC) simplifies Application Integration, Process Automation and API Management”

Teaching How to Design and Secure an API with Oracle API Platform

This blog is the second part of an end-to-end exercise that starts explaining the steps to clone a GitHub repository that contains an agnostic Medical Records application, built by us in NodeJS and which exposes REST API endpoints via a Swagger API-descriptor running locally on Swagger UI (all included as part of the repository). The previous part of this 2-blogs series also explains the steps required to run the MedRec NodeJS application on Docker containers either locally or in the Oracle Public Cloud. For more information about this first part, go here.

Moving to this second part, we are going to cover the following steps:

  1. Create an Apiary account used to Design APIs (API First approach) and create a new API Project using the existing MedRec Swagger API-definition.
  2. We are going to spend a little bit of time playing with Apiary to feel comfortable in areas such as:
    1. Validating API definitions
    2. Testing API endpoints
    3. Switching across out-of-the-box Mock Servers and real Production MedRec service end-points.
  3. Login to Oracle API Platform and configure an API, this includes:
    1. Enforcing Security and other policies.
    2. Deploy API and securing access level to on-premise and Cloud-based API Gateways.
    3. Publishing APIs into the API Developers Portal.
    4. Linking API to Apiary Swagger API-definition living document.
  4. Login to API Developers Portal (API Catalog)
    1. Register a New Application
    2. Understanding the role of API Keys
    3. Reviewing MedRec API Documentation
    4. Registering to consume MedRec APIs
    5. Testing APIs.
  5. Understand API Analytics, consumption, metrics and monitoring dashboards.

Continue reading “Teaching How to Design and Secure an API with Oracle API Platform”