Choreo Is neither aPaaS, nor iPaaS

Background

WSO2 has been building enterprise software since 2005, and the team has been working with thousands of enterprise customers ever since. WSO2’s products cover a range of capabilities, including API Management (APIM), Integration, Stream Processing, and Customer Identity and Access Management (CIAM). All these product capabilities are available to users as installable software (binaries) that can be installed on the customer's choice of infrastructure, such as physical servers, virtual machines, and cloud infrastructure. In addition to these installable versions, WSO2 has offered these functionalities as a cloud (SaaS) solution via WSO2 Cloud. This SaaS offering was a scalable installation of WSO2 products on a shared cloud infrastructure, which did not provide many capabilities beyond the installable components’ functionality.

The WSO2 team identified this as a limitation of the platform, given that most enterprises are moving towards cloud and cloud-native solutions. After several years of R&D efforts, the WSO2 team is thrilled to announce the General Availability (GA) of Choreo on 30th March 2022. The official announcement can be found here.

What D’Hack Is DPoP?

OAuth 2.0/OpenID Connect is considered the fastest-growing protocol used by many application developers for access delegation and single sign-on. This is due to its flexibility and high security compared to other protocols in the market. In contrast, the world is full of hackers who are desperately looking for flaws that you make when developing an application. Single-page applications and other public clients that do not use an mTLS-secured transport layer are considered the most vulnerable to attack.

Standard Token Flow

Regardless of the application type, the standard OAuth 2.0/OpenID Connect flow is similar to the diagram below (Figure 2). There are three actors involved: Client, Resource Server, and Authorization Server. The client initiates the authorization request. Upon user authentication, the authorization server issues an access token and a refresh token for the user, each with an expiry time. The client can then use these tokens to access the protected resource on the resource server.

Quantum Duality of API as a Business and a Technology

As an API strategy store project manager who is responsible for the API program, you have to look at both of these two sides and find the balance. It’s really hard to say what the correct balance is because it totally depends on the current landscape, on the business models, as well as on the technology maturity that you have. So you have to analyze it, and then look at the maturity model, and have a proper way of increasing or improving the business models as well as improving your technology stack.

What I’m going to do in this article is walk you through the concept of quantum duality of API as a business and API as a technology because a lot of organizations are focusing on API programs, but they are looking at only one aspect of this problem: either the business side or the technology side. However, we need to have a balance. This is where I’m going to discuss and share some of my experience working with different types of enterprises around the globe. The first thing we’ll talk about is the federation and business models around APIs, and then we will move on to how this polyglot and heterogeneous nature affects API development. From the technology side, it will be how you can move to the cloud and leverage cloud-native technologies and how you can modernize the development. All of these four pieces are tied together for a successful API program, so I’m going to discuss these concepts.

Why Develop a Decentralized Application Architecture for Cloud-Native, API-centric, and Microservices Patterns

This article outlines the cell-based architecture, which was published as an open specification on GitHub in summer 2018. Our approach creates a pragmatic and technology-neutral reference architecture that addresses the requirement for agility. It can be instantiated to create an effective and agile method for digital enterprises, deployed in private, public, or hybrid cloud environments.

When I present the new architecture at technology events, one common question is the reason we are defining a new reference architecture in an already crowded market. This article lists the motivating factors.

Reference Architecture: Deploying WSO2 API Manager on Microsoft Azure

Introduction

WSO2 is a 15+ year-old software engineering organization that provides a set of open source products/platforms for API Management, Enterprise Integration, and Identity and Access Management.

To meet current industry demands, all WSO2 products can be deployed on any of the infrastructure choices below:

Cloud-Native Observability With WSO2 Micro Integrator

In a distributed systems environment, troubleshooting and debugging are critical and also very challenging tasks. WSO2 Micro Integrator offers the possibility to integrate with cloud-native monitoring tools in order to provide a comprehensive observability solution with log monitoring, message tracing, and metrics monitoring.

With WSO2 MI we have two approaches to help us deal with observability:

Revolutionizing the Product Update With WSO2 Update 2.0

Every software application undergoes various changes over time, and as a result, we get patches/hotfixes, updates, and new version releases. Those changes can be either architectural/technical changes to suit the current technology landscape or functional changes to meet end-users’ demanding needs. An update or a new release of a software application can consist of either of those changes or maybe both.

Software applications that miss their time to market and take a long time to release updates or new versions become obsolete. They vanish into thin air without a trace. That’s why giants like Microsoft have reduced their major release cycle from 4 years to 3 years and also provide major updates to the current release bi-annually so that end-users are up-to-date and on track. In addition to new releases and updates, they also have to provide patches/hotfixes for identified bugs/vulnerabilities in order to stay competitive in the game.

A Basic Introduction to XACML

What Is XACML?

XACML (eXtensible Access Control Markup Language) is an XML-based language for access control that has been standardized by the Technical Committee of the OASIS consortium. XACML is popular among the community as a fine-grained authorization method. XACML describes an access control policy language, a request/response language, and a reference architecture. The policy language is used to express access control policies (who can do what when). The request/response language expresses queries about whether a particular access should be allowed (requests) and describes answers to those queries (responses). The reference architecture proposes a standard for deployment of the necessary software modules within an infrastructure to allow efficient enforcement of policies.

XACML supports Attribute-Based Access Control (ABAC), and evaluation can be done with additional data retrieved from a Policy Information Point (PIP), which is defined by the XACML reference architecture.

What Is, Why We Need, and How to Do Data Synchronization

Present-day organizations have complex business requirements. The data can be in several locations. System migrations happen frequently due to technology changes. Integration happens with several platforms that are nowadays referred to as hybrid platforms. This article briefly describes the deployment types, why they have been implemented in such a way, their limitations, and how to overcome them using data synchronization with the help of WSO2 Streaming Integrator.

What Is Data Synchronization?

In simple terms, data synchronization is about synchronizing all data instances used by devices or applications by maintaining consistency and accuracy. Any change that happens to a particular data instance is reflected in the other data instances in near real time. In addition, data synchronization results in cost-efficiency, high performance, data security, data consistency, and accuracy for an organization.

Securing APIs With WSO2 Microgateway

Introduction

APIs handle practically every function in modern organizations. From booking a movie ticket to processing complex bank transactions, APIs play an important role. Organizations expose their services via APIs to the public and also internally in order to expand their business opportunities and increase revenue. 

As a result, APIs are being used by multiple parties and people, both internally and externally. It is very important that only authorized users can use specific APIs, so that there is no misuse of APIs that consume valuable data and services of an organization.

Iterate/Aggregate Fault Handling in WSO2 EI

In WSO2, we can implement the Splitter and Aggregator EIP using the Iterate and Aggregate mediators. With the Splitter pattern, we can split a message composed of different elements that need to be processed individually, and then we use the Aggregator pattern to aggregate the results of each individual call and perform some processing over the aggregated results.

Happy Path Example

In a happy path example, all the requests and processing done inside the iterate mediator will occur with no failures, and the aggregate mediator will handle the results of all the requests made. We can see that in the proxy below:

Enable SSO Authentication in WSO2 EI Using Okta

This post will show you how to enable SSO authentication in WSO2 Enterprise Integrator using Okta. For this tutorial, we are going to use WSO2 EI 6.5.0. It also requires us to have an Okta account; we can create one for free on the Okta website.

Configuring Okta

In the developer’s console, we need to switch to the Classic UI and then we need to do the following:

Change Data Capturing With WSO2 Streaming Integrator

Streaming integration is becoming one of the core components under the enterprise integration stack. Unlike traditional batch integration, streaming integration allows performing ETL operations upon data in real-time and provides results. This empowers businesses by allowing them to act upon fresh data and draw decisions as soon as the data is produced.

But where does this data come from? Most of the time, this streaming data is produced by various data sources such as applications, sensors, etc. And in some cases, well-known data sources such as RDBMS can participate in producing such streaming data. This is where CDC, a.k.a. change data capture, comes into the picture.

Creating WSO2 EI DataServices With Sybase Database

This post will show a quick example of how we can connect with the Sybase database using WSO2 EI DataServices. For this post, we have used WSO2 EI 6.5.0, but it should work with EI 7 as well. So, let's start.

Starting a Local Sybase Instance

For this example to work, we need an instance of Sybase. For that, we will use the following Docker image available on Docker Hub: datagrip/sybase. This Docker image contains Sybase 16.2; to start it, we just need to run the following command:

Designing Your First REST API – Part 2

This kitty knows how to REST.

This is the second part of my REST API guide, where I’ll be focusing on designing a simple API using SwaggerHub. I will explain the basic functionalities of the SwaggerHub editor and the Open API Specification. My previous article covered the basic concepts of REST APIs.

Introduction

OpenAPI

OpenAPI is a format for writing an API definition that describes the structure of the API to humans as well as machines. An OpenAPI file allows you to describe your entire API, including:

Designing Your First REST API – Part 1

Shhh. He's RESTing.

This article will cover the most common concepts of REST APIs and writing an API definition using Swagger. Then, you can convert that definition into code using a language you prefer.

Please note that you require basic knowledge of HTTP and APIs.