Beruflich Dokumente
Kultur Dokumente
AMPLIFY API
Management
30 July 2018
Copyright © 2018 Axway. All rights reserved.
This documentation describes the following Axway software:
Axway AMPLIFY API Management
No part of this publication may be reproduced, transmitted, stored in a retrieval system, or translated into any human or
computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or
otherwise, without the prior written permission of the copyright owner, Axway.
This document, provided for informational purposes only, may be subject to significant modification. The descriptions and
information in this document may not necessarily accurately represent or reflect the current or planned functions of this
product. Axway may change this publication, the product described herein, or both. These changes will be incorporated in
new versions of this document. Axway does not warrant that this document is error free.
Axway recognizes the rights of the holders of all trademarks used in its publications.
The documentation may provide hyperlinks to third-party web sites or access to third-party content. Links and access to
these sites are provided for your convenience only. Axway does not control, endorse or guarantee content found in such
sites. Axway is not responsible for any content, associated links, resources or services associated with a third-party site.
Axway shall not be liable for any loss or damage of any sort associated with your use of third-party content.
Contents
Preface 6
Who should read this guide 6
How to use this guide 6
API Management documentation set 6
API Gateway documentation 6
API Manager and API Portal documentation 7
Accessibility 9
Screen reader support 9
Support for high contrast and accessible use of colors 9
2 Installation 35
Install API Management modules 35
Install API Builder modules 35
Prerequisites 35
Install a deployment hosted in Axway Appcelerator cloud 36
Install a deployment hosted in a virtual private cloud (VPC) or an on-premise cloud 36
Secure the connection between API Manager and API Builder 36
Install Embedded Analytics for API Management modules 37
Deploy Mobile Backend Services 37
4 Create APIs 40
Create APIs using API Builder 40
Create APIs using API Gateway 40
5 Create policies 41
Integrate with back-end services 41
Configure security policies 41
6 Manage APIs 43
Register and virtualize REST APIs in API Manager 43
Register and manage application APIs in API Manager 43
Virtualize Mobile Backend Services in API Manager 44
Register native APIs 44
Access published APIs from API Manager 44
9 Add DevOps 47
Team development 47
Deployment and promotion 47
10 Multi-datacenter deployment 48
This guide provides an overview of the AMPLIFY API Management solution and describes its main
concepts, features, and architecture.
Note Customers with active support contracts need to log in to access restricted content.
Describes the main API Gateway features and how to configure them using the Policy Studio
graphical tool.
l API Gateway Policy Developer Filter Reference
Describes the filters that you can use when developing policies in Policy Studio, and how to
configure them.
l API Gateway DevOps Deployment Guide
Describes how to promote and deploy API Gateway configuration between different
environments (for example, development, testing, and production).
l API Gateway OAuth User Guide
Describes how to configure API Gateway for OAuth 2.0 and OpenID Connect.
l API Gateway Developer Guide
Describes how to extend, leverage, and customize API Gateway.
l API Gateway Key Property Store User Guide
Describes how to use the Key Property Store (KPS) to configure and manage data referenced
from policies running on API Gateway.
l API Gateway Kerberos Integration Guide
Describes how to integrate API Gateway with Kerberos SPNEGO authentication.
l API Gateway Authentication and Authorization Integration Guide
Describes how to integrate API Gateway with Identity Management systems (for example, LDAP
servers, CA Siteminder, and so on).
l API Gateway PassPort Interoperability Guide
Describes how to configure API Gateway and Axway PassPort to work together.
l API Gateway Sentinel Interoperability Guide
Describes how to configure API Gateway and Axway Sentinel to work together.
l API Gateway Validation Authority Interoperability Guide
Describes how to configure API Gateway and Axway Validation Authority to work together.
l API Portal User Guide
Describes how to use API Portal.
Axway strives to create accessible products and documentation for users.
This documentation provides the following accessibility features:
l Screen reader support on page 9
l Support for high contrast and accessible use of colors on page 9
This guide includes the following documentation changes:
l Updated the guide with links to documentation for the latest g eneral availability (GA) releases
of API Gateway, API Manager, and API Portal.
l Updated the deployment options with the form factors available in the latest (GA) releases. For
details, see Deployment options on page 30.
l Added an overview of AMPLIFY API Central Service. For details, see AMPLIFY API Management
modules on page 27.
l Added an overview of Mobile Backend Services. For details, see AMPLIFY API Management
modules on page 27.
l Added information on how to virtualize APIs developed in API Builder in API Manager using API
Runtime Services connector. For details, see Register and manage application APIs in API
Manager on page 43.
l Added information on how to virtualize Mobile Backend Services in API Manager. For more
details, see Virtualize Mobile Backend Services in API Manager on page 44.
l Added a new topic on connecting to the AMPLIFY API Management trial and marketplace. For
more details, see Connect to the trial and marketplace on page 33.
AMPLIFY API Management enables you to create APIs from cloud applications and on-premise
services, control the use of APIs, and enable self-service consumption of APIs.
This section introduces the AMPLIFY API Management solution, its business use cases, and provides
an overview of its main features.
l Key capabilities on page 11
l API lifecycle on page 13
l Key concepts on page 15
l Main use cases on page 24
l AMPLIFY API Management modules on page 27
l Deployment options on page 30
l Reference architecture on page 32
l Connect to the trial and marketplace on page 33
Key capabilities
The following diagram outlines the key components in AMPLIFY API Management solution, and how
they integrate with different services and channels.
Create
AMPLIFY API Management provides multiple ways to create new APIs to ensure flexibility in
addressing a wide range of API provider scenarios:
l API Builder is the primary mechanism for creating new APIs that integrate with cloud or SaaS
and on-premise applications. Design, build, test, and run JavaScript-based APIs and micro-
services on a modern Node.js platform.
l API Gateway enables development of APIs that integrate with on-premise applications and
require data transformation or mediating API-centric identities to legacy identities.
l APIs that applications expose natively can be registered directly in API Manager.
Govern
All APIs are registered in API Manager to manage, secure and scale the API usage of the API
consumers.
l APIs are imported into API Manager and exposed with applied authentication, authorization and
quota management policies. You can also develop custom security and governance policies in
Policy Studio and apply them to your APIs.
l API Gateway provides security and threat protection capabilities deployed in the Demilitarized
Zone (DMZ) to secure external API traffic entering the enterprise.
l APIs can be accessed only through a secure SSL connection.
l APIs can be accessed only through API Manager to prevent client applications invoking the APIs
directly in an unsecured and unmanaged manner.
Consume
APIs are published to API Catalog in API Manager to enable API consumers to d iscover and use APIs
in their client and mobile applications. AMPLIFY API Management provides flexibility to support
multiple mechanisms for enabling API consumption:
l API Manager is the preferred option for internal-facing API Catalogs. It provides the developer
portal core capabilities for API consumers, such as self-registration, browsing the API Catalogs,
managing user credentials, and monitoring API usage.
l API Manager API enables you to create custom developer portals or integrate with your current
portals, leveraging your existing technologies and development skills.
l API Portal is an optional add-on to AMPLIFY API Management to provide a Joomla!-based
developer portal with blog and forum capabilities, branded and customized for external-facing
API Catalogs.
Measure
AMPLIFY API Management provides API usage analytics at all stages of the API lifecycle for both API
providers and API consumers.
l API Gateway provides real-time operational monitoring, enabling API providers to identify and
troubleshoot issues and to drill into individual API requests and message contents.
l API Manager and API Portal provide key API usage information on both API providers and API
consumers.
l API Gateway Analytics is an optional add-on to AMPLIFY API Management to provide you more
detailed historical API usage reports.
l Embedded Analytics for API Management provides preconfigured dashboards that provide real-
time operational and strategic analytics, enabling API providers to investigate both current and
past issues, as well as proactively identify abnormal situations before they become critical.
API lifecycle
AMPLIFY API Management provides complete coverage of the API lifecycle.
l CREATE – enable API providers to create new APIs from cloud, Software as a Service (SaaS), or
on-premise applications and data sources.
l GOVERN – manage, secure and scale the API usage of the API consumers.
l CONSUME – publish APIs to API Catalog to enable API consumers discover and use APIs as
self-service.
l MEASURE – monitor API usage analytics at all stages of the API lifecycle for both API providers
and API consumers.
Key concepts
This topic introduces the key concepts and terminology in AMPLIFY API Management in detail.
l API provider on page 16
l API consumers on page 16
l API management on page 18
l API development on page 19
l API proxying on page 21
l API versioning on page 21
l Sandbox and production APIs on page 21
l API consumer onboarding on page 23
l Policy management and development on page 23
API provider
The API provider is the enterprise deploying Axway AMPLIFY API Management to expose APIs to API
consumers, like a credit card company providing payment services to various customers.
The API provider includes the following user roles:
l API administrator: An API administrator has the overall responsibility for managing the
consumption of APIs by API consumers. API administrator registers, tests, and publishes APIs to
API Catalog, manages API consumers and policies controlling their API use, and monitors
overall API usage.
l API developer: An API developer develops the back-end services and applications that expose
APIs. The API developer provides the details of the APIs to the API administrator who registers
and publishes them in API Catalog. If delegated API registration (optional) is configured, the
API developer can directly register, test, and publish the APIs.
l Policy developer: A policy developer uses Policy Studio to develop custom policies that can
be applied to APIs. The policy developer can double as an API developer and use Policy Studio
to develop new APIs from back-end services and applications that do not expose APIs.
l API Gateway administrator: An API Gateway administrator is a system administrator
responsible for monitoring the API Gateway and traffic flowing through it. API Gateway
administrator manages settings and configuration deployments, and troubleshoots any issues
in the API Gateway. For more details, see the API Gateway Administrator Guide.
API consumers
API consumers use the APIs that the API provider provides. API consumers can be organizations,
end users, client application developers, o r client applications. For example, the API consumers for a
credit card company could be specific hotel and retail organizations that enable their customers to
make payments by credit card.
The following diagram shows the API consumer organizations and user roles:
The API consumers can be grouped as follows:
l Organization: An organization defines the logical grouping of API consumers. An organization
can be either external, such as a business partner, or internal, like a business unit or project
team, to the API provider. Organizations are named and have a trusted relationship with the API
provider.
External and internal organizations can be included in the same deployment. With delegated
organization administration, the organizations can manage the application developers and
client applications in their own organization by themselves.
l Organization administrator: An organization administrator performs the administrative tasks
that the API provider chooses to delegate to the organization. The organization administrator
can use API Portal to manage client application developers within the organization, register new
developers, and manage the credentials and monitor the API usage of all client applications in
the organization.
l Community organization: A community organization provides an optional, built-in
organization of anonymous, untrusted API consumers not explicitly tied to any trusted
organization. The community organization provides a mechanism to recruit external client
application developers to browse APIs and to build client applications with minimal oversight
and approval.
API consumers in the community organization can be associated with a named organization
and become trusted. It is not recommended that production-level client applications run in the
community organization. Instead, these API consumers must move to a trusted organization
before the client application is deployed in production. Delegated organization administration
is not supported for the community organization, and there is no organization administrator.
l Client application developer: A client application developer develops and tests client
applications (mobile and web) that use the APIs the API provider provides. The client
application developer is a member of an organization and uses API Portal to browse API
documentation, try APIs, manage client application credentials, and monitor API usage.
l Client application: A client application consumes and invokes the APIs. The client
application can be a mobile application, a web application, or a system-level application. The
client application is associated with an organization.
API management
API management enables the API provider to publish REST APIs and SOAP web services to
consumers, and to manage how these consumers use the APIs.
The following diagram shows the high-level API management architecture:
This architecture includes the following capabilities:
includes partner-based management of API consumers. Delegated partner administration
enables partner organizations to manage their own API consumers, making it easier for you to
manage large partners or a large number of partners.
l Policy management and enforcement: Provides built-in authentication, authorization, and
quota management policies. These built-in policies can be extended with custom policies
specific to the API provider.
l Self-service API consumption: Application developers creating client applications that will
use the APIs can consume the APIs as self-service. Application developers can self-register,
browse API documentation, try APIs to understand their behavior, monitor their use of APIs,
and find support on the APIs from blogs and discussion forums in API Portal.
l Governance alerts: You can configure alerts generated for governance events associated with
APIs, API consumers, policies, or runtime events. These alerts trigger custom policies to take
the appropriate action, such as notifying an external notification system. The following are
examples when you could use a governance alert:
o When an API is deprecated and API consumers must be notified
o When a new client application developer is registered and needs API administrator
approval
o A client application reaches its API quota
API development
API proxying assumes that the back-end service exposes REST APIs or SOAP web services that can
be registered and proxied for API consumers to use. For more details, see API proxying on page 21.
With AMPLIFY API Management, you can develop REST APIs from non-REST API back-end services
using graphical p olicies.
The following diagram shows the API development architecture:
You can define the REST API and the p olicy to integrate the REST API with the back-end services in
Policy Studio. You can then proxy the REST API and make it available to API consumers just like any
other API. If you want to expose a REST API proxy for a back-end service that does not offer a native
REST API, you must first develop a REST API for the back-end service. You can then proxy the newly
developed REST API.
For example, in the SOAP-to-REST use case, an existing SOAP web service must be exposed as a new
REST API. You design the REST API and integrate it with the SOAP web service. You proxy the REST
API and make it available to API consumers. In addition, you could orchestrate multiple calls to the
REST API to integrate it with multiple back-end services.
This way, there is a single consistent approach for registering APIs, proxying the APIs, and
managing how APIs are consumed in API Manager regardless of the back-end API implementation (a
native API or developed from a non-REST back-end API).
The lifecycle of policy-developed APIs is different to the lifecycle of the custom policies that are
deployed on the same API Gateway that is running API Manager.
API proxying
AMPLIFY API Management enables you to proxy REST APIs and SOAP web services and apply
policies to them to manage the consumption by API consumers. API consumers invoke the proxied
APIs, and after the policies are applied, the request is routed to the back-end REST API or SOAP web
service implementation.
API proxying includes the following approaches:
o Methods exposed
o Documentation
o Method paths and parameters
o Authentication and policies
For details on API proxying a back-end service without a native REST API, see API development on
page 19.
API versioning
You can expose multiple versions of a single API to API consumers using AMPLIFY API Management.
Each version of the API is managed as an independent API, with its own unique URL and its own API
lifecycle.
For more details, see API provider on page 16.
l Sandbox APIs: API consumers can use the sandbox APIs to see what APIs are available for the
API provider and to develop client applications against those APIs. Sandbox APIs route requests
to sandbox services that the API provider has made available to support the development of
client applications. Using API Portal, the application developer can browse the API
documentation, try APIs to understand their behavior, manage client application credentials,
and use the blogs and discussion forums to get more information. When the application
developer represents also the end user when developing the client application.
l Production APIs: Real end users using the client applications in production environment use
the production APIs. Production APIs route requests to the production services of the API
provider. Using API Portal, the application developer can manage client application credentials
and monitor how the client application uses the APIs.
AMPLIFY API Management deploys sandbox and production APIs into separate environments. The
different security and quality of service requirements between these environments keep sandbox
and production API traffic separate.
The following diagram shows example sandbox and production API environments:
Onboarding API consumers into the production API environment means you must have more
governance processes in place. For example, to support the expected client application load for an
external business partner, you may need to have financial and legal criteria, quotas, and SLA
agreements all d efined and set up.
The following diagram shows an overview of the policy management hierarchy:
AMPLIFY API Management provides a number of built-in policies that you can apply to APIs, for
example:
l Authentication mechanisms (such as, API keys or OAuth 2.0) for client applications
l Authorization mechanisms for controlling both organizations' and client applications' access to
APIs
l Quotas to limit the API requests that client applications can make
The API developer or API administrator can apply these custom policies when registering an API.
In addition to the build-in policies, you can also configure custom p olicies, and apply them to the
API request from the client application, the API response that is returned to the client application, or
the routing to the back-end service. For example, you may have specific security policies that need
to be applied to all API requests, or the identity of an end user of the client application may need to
be authenticated and mapped to a different token.
The custom policies are developed independently of APIs to build a library of policies that can be
applied to APIs. The policy developer uses Policy Studio to graphically develop. The developed
policies c an then be deployed in both the sandbox API and production API environments. The API
developer or API administrator can apply these custom policies when registering an API.
The lifecycle of these custom p olicies is different to the lifecycle of APIs.
Common use cases for AMPLIFY API Management include:
l Digital transformation on page 24
l API-centric application integration on page 25
l Identity mediation and single sign-on on page 26
l Extend the use of existing web services by converting them to REST APIs for use in mobile
applications.
l Expose and secure services on an Enterprise Service Bus (ESB) for external business partners.
l Create new APIs that aggregate capabilities of multiple cloud applications.
Digital transformation
AMPLIFY API Management enables digital transformation of organizations, end exposing easy-to-
consume APIs to digital consumers secured, managed, and integrated with the back-end application
services that cloud and on-premise applications provide.
This facilitates and accelerates how organizations design, secure, manage, and integrate APIs. It
also enables developers and partners to discover, subscribe, use, and monitor APIs.
This use case includes the following sub-use cases:
This use case includes the following sub-use cases:
This use case includes the following sub uses cases:
l Single sign-on (SSO) scenarios
l Dynamic authentication and authorization
l Cloud Access Security Broker (CASB)
l API Builder on page 27
l Mobile Backend Services on page 28
l API Gateway on page 28
l API Manager on page 29
l API Central Service on page 29
l API Portal on page 29
l Embedded Analytics for API Management on page 29
API Builder
API Builder is a framework for building and running APIs either visually using the point-and-click
interface or programmatically.
API Builder has two main components, API Builder and API Runtime Services. With API Builder, you
can create APIs, models, and connectors to access data. Combine data from multiple sources,
optimize the payload size, convert data to mobile formats, and finally deliver data to any app client,
native or web. API Runtime Services provides a scalable infrastructure to run all your apps, as well as
a repository to store, find, and share reusable app and API components.
For more details on API Builder, see API Builder documentation.
App developers can call the MBS APIs to integrate with their apps, and add mobile features without
the overhead of server coding or administration. Instead, developers can focus on client-side
development and thus reduce overall time to market for their apps. Software development kits
(SDKs) for integration with the following mobile platforms:
l Titanium
l Android
l iOS
l Node.js
For more details on Mobile Backend Services, see Mobile Backend Services documentation.
API Gateway
API Gateway is a server-side application you can use to manage, deliver, and secure APIs. API
Gateway provides services such as API integration, transformation, control and governance,
security, monitoring, development lifecycle, and administration.
With API Gateway you can bridge across different channels, from on-premises systems to cloud
services, and from mobile devices to the Internet of Things (IoT). Integrate with your existing
applications, identity management systems, communication protocols and other assets out of the
box.
API Gateway comes with Policy Studio, an Eclipse-based graphical integrated development
environment (IDE). Using Policy Studio, you can quickly to define, configure and manage API
policies and open up existing applications as APIs. The web-based dashboards of API Gateway
Manager and API Gateway Analytics provide managing and monitoring API deployments at runtime.
Gain real-time end-to-end visibility on the API usage, and receive alerts and troubleshoot APIs to
find and fix issues. This helps you minimize business disruption and gain insights how to improve
business performance.
For more details, see API Gateway Concepts Guide.
API Manager
API Manager is a web-based API administration and management tool layered on API Gateway.
With API Manager, you can build a central catalog of all available APIs, and virtualize them as
needed. This way, you can centrally govern your APIs and how and by whom they are consumed.
Secure APIs using a broad range of security and authentication profiles, and protect the back end
with throttling and quota management policies. In addition, you can connect in one click with the
most popular cloud applications and expose their APIs, or create complex integration scenario using
custom advanced integration policies.
For more details, see API Manager User Guide.
API Central Service provides:
l Unified support for APIs with a consistent user experience.
l Central, cloud-based governance with hybrid runtime deployment.
l Self-service governance to support massive organizational adoption.
For more details, see API Central Service User Guide.
API Portal
API Portal is a self-service developer portal layered on both API Manager and API Gateway.
API Portal enables both internal or external client application developers to browse, consume, build,
and test APIs for use in their applications on their own. You can use several channels, such as FAQs,
articles, forums or blogs, to provide more information for the developers and to encourage
developer engagement. The look and feel of the web-based API portal is fully customizable to match
your brand and image.
For more details, see API Portal Administrator Guide.
With preconfigured Decision Insight dashboards, you can investigate both current and past issues,
as well as proactively identify abnormal situations before they become critical.
You can set up multiple dashboards geared for different roles in API Management or addressing
different domains. This provides different viewpoints to the same API activity depending on role in
question. You can also customize dashboards to enhance and fine-tune the analytics metrics to suit
your needs and environment.
For more details, see Embedded Analytics for AMPLIFY API Management documentation.
Deployment options
The following explains the different options for hosting you AMPLIFY API Management solution as
well as the form factor available for each module.
l Hosting options on page 30
l Form factors on page 31
Hosting options
You can choose how you want your AMPLIFY API Management deployment to be hosted:
l On-premise hosting on page 30
l Virtual private cloud hosting on page 31
l Axway Cloud hosting on page 31
On-premise hosting
Hosting your AMPLIFY API Management deployment on-premise offers you the following form factor
options: a software installation o r Docker containers. You can also mix different form factors across
the solution.
On-premise hosting means the solution can be located fully within your domain, increasing security.
You are fully in control of the whole AMPLIFY API Management solution, which on one hand means
increased flexibility and customization options, but on the other hand also added overhead and
increased resource requirements.
If your API consumers are only internal, such as employees or business partners who have access to
your internal network, hosting AMPLIFY API Management on-premise is the best option because
there is no benefit to a cloud solution in this case.
VPC hosting makes the hardware infrastructure and its maintenance a service you can outsource,
making scaling the system to your needs quicker and easier . Even without managing the hardware
yourself, you still manage the AMPLIFY API Management solution like in on-premise hosting.
VPC is excellent for external API consumers who do not have access to your internal network. As a
cloud solution, it is also accessible from anywhere.
Axway Cloud is the turnkey solution when time to market is of the essence. The solution is ready to
use for you without any management overhead. While this does mean less flexibility for
configuration options, it also means simplicity and quickly getting on with the basic use cases.
Like VPC, Axway Cloud is excellent for external API consumers as well as accessible from anywhere.
Form factors
AMPLIFY API Management modules are available as follows:
API Builder l Software installation on Windows, UNIX/Linux,
and macOS
l Docker
Mobile Backend Services l Axway-hosted API Runtime Services VPC
l Axway Appcelerator Public Cloud
API Gateway and API Manager l Software installation on UNIX/Linux
l Docker
AMPLIFY API Central Service AMPLIFY Platform
API Portal l Software installation on Red Hat Enterprise Linux 7
l Docker
Embedded Analytics for API l Software installation on Windows and UNIX/Linux
Management l Docker
The available options depend on the component and how your AMPLIFY API Management is hosted.
Reference architecture
The following diagram shows the recommended AMPLIFY API Management reference architecture.
API Builder is deployed in the internal network behind the internal firewall on a dedicated set of
machines.
A single API Management d omain is deployed. The domain consists of two groups:
l Internal-facing API Management group for internal API consumers. This is deployed in the
internal network behind the internal firewall.
l External-facing API Management group for external API consumers. This is deployed in the
DMZ.
Both API Management groups have two API Gateway instances deployed on separate machines for
HA.
For more details on API Management domains and groups, see API Gateway Concepts Guide.
APIs intended for internal API consumers are registered with API Manager in the internal-facing
group and published to that API Catalog. Likewise, APIs for external API consumers are registered
with API Manager in the external-facing group and published to that API Catalog. If an API is made
available to both internal and external API consumers, it is registered and published to both groups.
Internal client application developers can use the internal API Catalog to browse and consume the
internal-facing APIs available to them. They belong to the internal group in API Manager or API
Portal.
External client application developers can use the external API Catalog to browse and consume the
external-facing APIs available to them. They belong to the external group in API Manager or API
Portal.
You can use API Builder to create new APIs that integrate with cloud applications and back-end
services. API Builder generates a Swagger 2.0 definition for the API. This definition is then imported
into API Manager to register and publish API to API Catalog.
If you use API Gateway to develop a new API, the API is deployed to a API Gateway instance in the
internal-facing API Management group. You can use API Manager to register the API to the internal-
facing or external-facing API Management group, or both.
You can follow the steps in the API Management Tutorial to learn the basic capabilities.
l Install API Management modules on page 35
l Install API Builder modules on page 35
l Install Embedded Analytics for API Management modules on page 37
l Deploy Mobile Backend Services on page 37
1. Install API Gateway.
2. Install API Manager.
3. Install API Portal.
You can install API Gateway and API Manager together in one installation dialog.
Tip API Gateway installer comes with a Quickstart demo that walks you through the key
components and example operations.
API Portal has its own installer. After installing API Portal, you must link it to API Manager.
For more details on installing and configuring the modules API Gateway and API Manager for either
a single-node or a multi-node high-availability (HA) deployment, see the API Gateway Installation
Guide.
For more details on installing API Portal, see the API Portal Installation and Upgrade Guide.
Prerequisites
Before you start installing API Builder components, you must add the IP address of the machine
running API Builder to the DNS or to hosts file on any other machine accessing AMPLIFY API
Management. For example:
10.142.59.203 appc02.axway.int
In addition, after you have installed API Builder, you must add the domain API Builder is running in
to the list of allowed domains in API Builder.
1. Install Node.js.
2. Install API Builder CLI.
3. Configure API Runtime Services.
For more details on installing and configuring API Builder, see API Builder Getting Started Guide.
1. Install Node.js.
2. Install Appcelerator Private VMWare OVA file for Arrow Cloud installation on a private cloud
using its OS-specific installer file.
For more details on installing and configuring API Runtime Services Self-install documentation.
For more details, see "Configure a connector for Axway API Runtime Services" in the API Manager
User Guide
1. Install Decision Insight.
2. Download the Embedded Analytics for API Management package and import it into Decision
Insight.
For more details on installing and configuring Decision Insight, see the Decision Insight
documentation.
For more details on configuring Embedded Analytics for API Management, see Embedded Analytics
for AMPLIFY API Management documentation.
1. Deploy MBS to a Docker container. For more details, see API Runtime Services Self-install
documentation.
2. Create a datasource for MBS. For more details, see Mobile Backend Services Getting Started .
The following diagram shows an example of the hybrid model:
One or more development environments are deployed on-premise, while the test or staging
environment and production environment are hosted in a virtual private cloud (VPC) in Axway
Cloud. You get a predefined and secured VPC architecture while leveraging your existing
infrastructure in the development environment.
The development environment has unlimited term license for AMPLIFY API Management. You can
combine the design tools, such as Policy Studio and Configuration Studio, and the AMPLIFY API
Management runtime components that Axway provides with your own DevOps tools and continuous
integration and continuous deployment (CI/CD) chains. Axway provides a secure deployment
channel from on-premise development environment to the test or staging environment in the Axway
Cloud and further on to the production environment.
The staging and production environments in Axway Cloud are fully managed by Axway and use
Axway CI/CD chains. You can access the web UIs of the products in both environments simply using
a standard browser. The production environment can be configured for high availability (HA).
Axway also provides additional services, such as building, deploying, and maintaining
customizations you need to the system. These customer artifacts may include the following:
l Policies
l API Builder APIs
l API Catalog
l Client registry
l API Portal customizations
l API Gateway Analytics reports
l Embedded Analytics for API Management dashboards
For more details on products in Axway Cloud, see the following:
l API Manager User Guide
l API Portal Cloud User Guide
l API Gateway Analytics User Guide
In API Builder, APIs are created as projects, standard Node.js applications running in the Arrow
Cloud environment. You create a project, add API end-points ( API Builder APIs) to define ways how
client applications can access your API, or other components, such as models. Once your API is
ready, API Builder generates a Swagger 2.0 definition for the API (see API Builder Console
documentation). You can then import the Swagger definition to API Manager and register the API.
API Builder comes with prebuilt connectors for different services, such as Salesforce, Azure, MS SQL,
MySQL, MongoDB, orSwagger, making integration with cloud applications and services easy. In
addition you can create custom connectors for any data source, and reuse the connectors as needed
in your APIs. For easy integration with mobile applications, you can optimize the payload size and
data format for your APIs.
For a walk-through of the basics of API creation, see API Builder Getting Started Guide.
You can create new APIs in Policy Studio using the REST API development wizard. The REST APIs
can be based on existing back-end REST or non-REST APIs, but you must specify a custom routing
policy for REST API methods. The policies for request and response processing are optional, and
you can specify them as required. When your API is ready, you can register it in API Manager.
For more details on creating new APIs in Policy Studio, see "Develop REST APIs in Policy Studio" in
the API Gateway Policy Developer Guide.
AMPLIFY API Management provides a number of built-in policies that you can apply to APIs. In
addition, policy developers can use Policy Studio, a graphical tool, to develop custom policies.
In Policy Studio, a policy is assembled by selecting filters from the filter palette on the right and
dragging and dropping them onto the policy canvas to be configured. The configured filters are
then connected to a policy using success and failure paths to trace a path through a set of filters and
create sophisticated rules. Some filters require configuring additional resources or settings before
the filters can be used. You can find these additional resources and settings from the node tree on
the left.
For more details on Policy Studio, see the API Gateway Policy Developer Guide.
For more details, see the API Gateway Concepts Guide and the API Gateway Policy Developer Guide.
Data is routed based on sender identity, content, and type. This means that messages are sent to the
appropriate application in a secure manner. It also enables service virtualization, where services are
exposed to clients with virtual addresses to mask their actual addresses and shield endpoint services
from direct access for added security.
Data monitoring, redaction, encryption, and signing facilitates privacy compliance support. For
example, you can encrypt sensitive information, such as customer names, or strip that information
out of message traffic.
For identity management, you can configure different kinds of authentication policies in Policy
Studio, and integrate with existing third-party Identity Management (IM) infrastructures for
authentication and authorization.
For more details, see the following:
l API Gateway Concepts Guide
l API Gateway Policy Developer Guide
l API Gateway Authentication and Authorization Integration Guide
l API Gateway Kerberos Integration Guide
API Manager has two key concepts, back-end API and front-end API. A back-end API is the
definition of the API that you register into API Manager. A front-end API is the virtualized publicly
exposed proxy of the back-end API that routes to the back-end API. The front-end API is hosted on
API Gateway and invoked by client applications.
By default, the front-end API is the same as the back-end API, proxying the API as is. However, you
can edit the front-end API, like change the URL path, change and map parameters, or improve the
documentation, to present an enriched, public-facing API to client applications. In addition, the
back-end API can change over time and you can control how changes are exposed to client
applications, thus minimizing or eliminating the potential impact on these applications.
For more information on registering and virtualizing APIs in API Manager, see the API Manager User
Guide.
For example:
73b332f7c1af1f57e962822d2abfca5ddb61296a.appc02.lab.dubl.axway.int
To access the API Builder browser interface for the API, go to https://<GUID.<domain_
name from the config>/arrow. For example:
https://73b332f7c1af1f57e962822d2abfca5ddb61296a.appc.axway.int/arrow
To access the Swagger definition for the API, go to https://GUID.<domain_name from
the config>/arrow/swagger.json. For example:
https://73b332f7c1af1f57e962822d2abfca5ddb61296a.appc.axway.int/arrow/sw
agger.json
Developers can use API Catalog to browse, consume, build, and test APIs for use in their
applications. They can register their applications, as well as obtain credentials, such as API Key or
OAuth, for the applications. The API administrator approves or rejects the registered applications. If
an approved application needs access to another API, the API administrator manages these requests
as well. If needed, the user and application management can be automatically approved or
delegated to organization administrators.
For more details, see "Administer APIs in API Manager" in the API Manager User Guide.
For more details on customizing API Portal, see the API Portal Administrator Guide.
The Traffic Monitor enables real-time monitoring of message traffic, enabling easy identification of
exceptions, and drilling into policy execution steps and message content to perform root cause
analysis.
For more details on API Gateway Manager, see the API Gateway Administrator Guide.
For more details, see Embedded Analytics for AMPLIFY API Management documentation.
The monitoring data in API Manager, API Gateway Analytics, and API Portal is obtained from the
metrics database. You can filter the metrics displayed b ased on several different criteria.
For more details, see "Monitor APIs and applications in API Manager" in the API Manager User Guide.
For details of how to set up the metrics database, see "Configure the metrics database" in the API
Gateway Installation Guide.
Team development
In AMPLIFY API Management, API Gateway team development makes it possible for a team of p olicy
developers to work in parallel using a project-based approach to develope APIs, policies, and
associated resources, and to deploy them as a single API Gateway configuration using a Source
Code Management (SCM) system.
Team development incorporates continuous integration (CI) and continuous delivery (CD) practices
in API Gateway system to use the best practices for development, deployment, and promotion, and
to support the increasing use of DevOps tooling.
For more details, see "Introduction to API Gateway team development" in the API Gateway DevOps
Deployment Guide
The configured or developed artifacts (such as APIs, policies, and configurations) move from
development to production. Deployment refers to deploying a configuration to the local domain.
Promotion refers to p hysically moving a configuration from one environment to another, and
configuring environment-specific values so that the configuration can be deployed in each
environment.
For more details, see "Introduction to API Gateway d eployment and promotion" in the API Gateway
DevOps Deployment Guide
In addition, using multiple datacenters helps to ensure constant operation. If one datacenter fails
and goes down, traffic can be routed to another, working datacenter.
A single API Gateway group configuration is shared across the datacenters. This means that all API
Gateway instances are managed as a single unit, and run the same configuration to virtualize the
same APIs and execute the same policies. Data is replicated between all datacenters.
Each datacenter must have at least two API Gateway instances, at least one of which is an Admin
Node Manager. However, you can configure mutliple Admin Node Managers per datacenter for high
availability.
For more details on multi-datacenter deployment, see "Configure API Management in multiple
datacenters" in the API Gateway Installation Guide.