Role of REST vs. Web Services and EI
1. Role of REST Vs. Web Services &
Enterprise Integration
Hiranya Jayathilaka
Associate Technical Lead
PMC Member (Integration Technologies)
2. A Word About WSO2
• Founded in 2005 by acknowledged leaders in XML, Web Services
technologies & standards and open source. Primary contributors to
Apache Web Services projects started in 2001.
• Producing entire middleware platform 100% open source under the
Apache license.
• Business model is to sell comprehensive support & maintenance for
our products.
• Technology OEM’d by IBM, Progress, Software AG, Alcatel, EMC and
CA.
• Venture funded by Intel Capital and Quest Software
• Global corporation with offices in Palo Alto (USA), Portsmouth (UK)
and Colombo (Sri Lanka).
• 150+ employees and growing.
3. What is REST?
• REpresentational State Transfer
• Lightweight, client-server architecture
• Interactions are based on the transfer of
resource state representations
• Systems exchange state representations and
perform application state transitions
• Mostly implemented using HTTP
4. Richardson Maturity Model
Level 3: Hypermedia Controls
• Hyper text as the engine of application state
Level 2: HTTP Verbs
• Many URIs, each supporting multiple HTTP methods
Level 1: Resources
• Many URIs, one HTTP method
Level 0: XML Over HTTP
• One URI, one HTTP method
5. An Example…
• Learning Management System for a college
• A number of fundamental concepts
– Student
– Course
– Teacher
• In a RESTful design these concepts are likely to
become the ‘resources’ managed by the LMS
6. The “Student” Resource State
• Name
• Age
• Registration number
• GPA
• Date of birth
• Contact information
9. Representational State Transfer
• Clients and servers interact with each other by
exchanging
– Resource state representations
– Other control information
• Applications are state machines
– Exchange of resource state representations and
control information can result in application state
transitions
11. REST Today!
• Developers and architects realize the power of
REST and appreciate its lightweight nature
• Lots of tools, libraries and frameworks to
make RESTful development easier
• Well suited for modern IT trends
– Mobile apps
– Rich web applications
– Social media
12. Nothing But REST?
• Most organizations have already invested
heavily in IT and have adopted countless
technologies
– Legacy systems
– J2EE, .NET, LAMP
– CORBA, DCOM, RPC, SOAP
– … and much more
• Replacing these existing systems is risky and
ridiculously expensive
13. REST in Peace, SOAP?
• Not in our wildest dreams
– New WS-* standards introduced frequently
– Many developer friendly tools and frameworks
– Comprehensive and highly interoperable platform
– Sponsorship of many large scale software vendors
• SOAP, WSDL, WS-*, BPEL – They are all here to
stay (at least for the foreseeable future)
– REST will continue to be dominant in the public
web API space
15. Moral of the Story…
• Replacing existing technologies is not easy
• Every technology has its own strengths and
weaknesses
– Despite its arcane terminology, the structured
description capabilities of the WSDL standard are
being praised even by hard-core fans of REST
– No technology can be designated “universally
superior”
16. Coexistence over Conquest
• RESTful applications should play nice with
other technologies
• Need powerful integration mechanisms
between REST and other technologies (most
notably SOAP)
• Design applications in a manner so that the
weaknesses of one technology are
complemented by the strengths of another
– Best of both worlds scenario
17. Key to Success
• Organizations that have realized the value of
“coexistence over conquest” have reaped
fruitful results
– Amazon
– eBay
– Google
• Opens up the business for all types of
developers and clients
– Breaks down barriers for technology adoption
18. Good Times for Developers!
• Adding REST support to an existing enterprise
architecture creates many interesting problems
and lucrative opportunities for developers
– Developing RESTful applications
– Integrating REST applications with the ‘rest’
– Exposing existing services over REST
– Security
– Provisioning
– Monitoring and usage tracking
• “Developers are the new king makers” – James
Governor
19. Developing RESTful Applications
• Can be done with any web development
technology
– HTML, PHP, ASP, CGI…
• Servlets and JSP are popular in the Java world
• JAX-RS catching up fast
– Apache Wink
– Apache CXF
– WSO2 Application Server
21. Exposing Existing Services Over REST
• Use the tried and tested
gateway pattern
• Lock down all the
implementation details
of the backend systems
behind an API gateway
and expose a clean
REST API
• Pay attention to the
number and granularity
of exposed operations
[Diagram: Consumers → REST API Gateway → Backend Services]
24. Basic Features of an API Gateway
• Transport switching
• Message transformation and content
negotiation
• Lightweight orchestration
• High performance (low latency mediation)
• Monitoring
25. Security
• More exposure = More vulnerabilities
• Access to critical business applications must
be secured at API gateway level
– Do all security checks as early as possible
• Use HTTP friendly security mechanisms
– Basic Auth
– OAuth
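The "check as early as possible" rule, as an added example that is not part of the original slides: a minimal gateway handler that validates HTTP Basic Auth before any routing or backend call. The client store, the `/students/` route and the backend function are constructed for illustration, and Basic Auth is assumed to run over TLS only.

```python
import base64
import hashlib
import hmac

# Constructed credential store (client id -> SHA-256 of password), for the demo only.
# A production gateway would use a salted, slow password hash or an identity provider.
CLIENTS = {"lms-mobile": hashlib.sha256(b"demo-password").hexdigest()}
backend_calls = []  # every request that actually reached the backend


def backend_get_student(reg_no):
    """Hypothetical backend service hidden behind the gateway."""
    backend_calls.append(reg_no)
    return {"registrationNumber": reg_no, "name": "Constructed Student"}


def authenticate(headers):
    """Return the client id for a valid Basic Auth header, otherwise None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # malformed base64 or bytes
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    supplied = hashlib.sha256(password.encode()).hexdigest()
    # Compare in constant time, and do the same work for unknown client ids.
    expected = CLIENTS.get(user, "0" * 64)
    ok = hmac.compare_digest(supplied, expected)
    return user if ok and user in CLIENTS else None


def gateway(method, path, headers):
    """Authenticate first; routing and the backend call happen only afterwards."""
    client = authenticate(headers)
    if client is None:
        return 401, {"WWW-Authenticate": 'Basic realm="lms"'}, None
    if method != "GET" or not path.startswith("/students/"):
        return 404, {}, None
    return 200, {}, backend_get_student(path.rsplit("/", 1)[1])
```

Rejected requests never appear in `backend_calls`, which is the property the slide asks for.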
30. Managing System Load
• RESTful applications are usually lightweight and
fast – But your backend services may not be
• Track the usage of REST APIs at the gateway and
turn down requests if the load becomes too high
– If the APIs are restricted to a particular group of
clients, consider implementing some IP based
throttling mechanism
– Use time based throttling to prevent legitimate clients
from overwhelming a service
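Both throttling ideas on this slide combined, as an added example that is not part of the original slides: an IP allowlist for APIs restricted to known clients, plus a per-client sliding time window. The class name, networks and limits are assumptions chosen for illustration.

```python
import ipaddress
import math
from collections import defaultdict, deque


class GatewayThrottle:
    """IP allowlist plus a per-client sliding-window request limit."""

    def __init__(self, allowed_networks, max_requests, window_seconds):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)  # client ip -> times of accepted requests

    def check(self, client_ip, now):
        """Return (status, headers) the gateway should answer with.

        client_ip must be the address of the TCP peer (or a value set by a
        proxy you control); a client-supplied X-Forwarded-For header is not
        trustworthy input for an allowlist.
        """
        addr = ipaddress.ip_address(client_ip)
        if not any(addr in net for net in self.allowed):
            return 403, {}  # IP-based restriction: not an approved client
        seen = self.history[client_ip]
        while seen and now - seen[0] >= self.window:
            seen.popleft()  # forget requests that left the window
        if len(seen) >= self.max_requests:
            # Time-based throttling: tell the client when the oldest
            # request in the window expires.
            retry_after = math.ceil(self.window - (now - seen[0]))
            return 429, {"Retry-After": str(retry_after)}
        seen.append(now)
        return 200, {}
```

Throttled requests are not recorded in the window, so a client that keeps retrying while limited does not extend its own lockout.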
33. Caching
• Another very effective way of reducing the
overhead on backend services
– Cache as many responses as possible in the
gateway and try to minimize calling backend
services
• Added benefit: Improved performance (better
user experience)
• Need to have proper cache invalidation
mechanisms in place
35. API Provisioning
• REST integration is not a one-off activity. Once
adopted you will be doing it for the ‘rest’ of
your working life.
• Should be able to easily add new REST APIs to
the API gateway
– Ideally should be a single click operation
– Should not result in a downtime of existing APIs
• REST API governance
38. Monitoring & Usage Tracking
• Log and record all accesses to your exposed
RESTful interfaces at the API gateway
– Both valid and invalid accesses
– At the very least, have an HTTP access log
• If you already have a monitoring system in
place, integrate it with the API gateway
– Syslogs, JMX, BAM
• KPI monitoring and SLA monitoring
• Tracking API usage
39. What to Do with Collected Data?
• Periodic audits
• Dashboards and reports
– For both API providers and API consumers
• Capacity planning and traffic engineering
• Vulnerability detection
• Marketing and promotional activities
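One way to turn the gateway access log from the monitoring slide into the usage and audit data listed above, as an added example that is not part of the original slides. The log lines are constructed (Common Log Format, documentation-range addresses), and the failure threshold is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a gateway HTTP access log.
SAMPLE_LOG = """\
198.51.100.7 - lms-mobile [10/May/2012:10:00:01 +0000] "GET /students/1001 HTTP/1.1" 200 312
198.51.100.7 - lms-mobile [10/May/2012:10:00:02 +0000] "GET /courses/CS101 HTTP/1.1" 200 540
203.0.113.9 - - [10/May/2012:10:00:03 +0000] "GET /students/1001 HTTP/1.1" 401 0
203.0.113.9 - - [10/May/2012:10:00:03 +0000] "GET /students/1002 HTTP/1.1" 401 0
203.0.113.9 - - [10/May/2012:10:00:04 +0000] "GET /students/1003 HTTP/1.1" 401 0
203.0.113.9 - - [10/May/2012:10:00:05 +0000] "GET /teachers/7 HTTP/1.1" 403 0
198.51.100.7 - lms-mobile [10/May/2012:10:00:09 +0000] "POST /courses/CS101/enrollments HTTP/1.1" 201 87
-- log rotated --
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def summarize(log_text, failure_threshold=3):
    """Per-API usage counts plus clients with repeated 401/403 responses."""
    usage = Counter()
    failures = defaultdict(int)
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            unparsed += 1  # keep count: silent gaps hide problems in an audit
            continue
        # Group by first path segment so /students/1001 and /students/1002
        # count towards the same API.
        path = m["path"].split("?", 1)[0]
        usage["/" + path.lstrip("/").split("/", 1)[0]] += 1
        if int(m["status"]) in (401, 403):
            failures[m["ip"]] += 1
    suspects = sorted(ip for ip, n in failures.items() if n >= failure_threshold)
    return {"usage": dict(usage), "suspects": suspects, "unparsed": unparsed}
```

The usage counts feed dashboards and capacity planning; the list of clients with repeated rejected requests is a starting point for the periodic audit.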
43. API Monetization
• Turning inbound API calls into cash
• Prevent third parties from making profits out of
your APIs - Prevent disenfranchisement
• Provide a monitored sandbox environment where
third parties can develop applications using your
APIs
– Close off or restrict access to the APIs from outside
the sandbox environment
– Have a robust model for reviewing, approving and
publishing third party applications
44. Your Business as a Service
[Layered diagram, top to bottom]
• App, App, App, App
• PaaS for Managed Third Party Apps (WSO2 Stratos)
• API (WSO2 API Manager)
• Services, Processes, Applications, Data (Business IT Assets)
45. Summary
• What is REST?
• REST vs. SOAP and other technologies
• Exposing existing systems over REST – API
gateway pattern
• Techniques for securing, provisioning and
managing REST APIs
• API monetization
46. Resources
• REST and API management with WSO2 ESB (Webinar):
http://www.youtube.com/watch?v=YNfa88-DWQU
• ESB Tips & Tricks: Introduction to REST APIs (Blog):
http://techfeast-hiranya.blogspot.com/2012/04/wso2-esb-tips-tricks-09-introduction-to.html
• REST API samples (Documentation):
http://docs.wso2.org/display/ESB403/Sample+1+Introduction+to+REST+API
• Introduction to AppFactory (Blog):
http://blog.cobia.net/cobiacomm/2012/04/16/what-is-wso2-appfactory/
• WSO2 API Manager beta program (Press Release):
http://wso2.com/about/news/wso2-begins-recruiting-beta-customers-for-new-wso2-api-manager-product/
48. WSO2 Engagement Model
• QuickStart
• Development support
• Development services
• Production support
• Turnkey solutions
– WSO2 Mobile Gateway Solution
– WSO2 FIX Gateway Solution
– WSO2 SAP Gateway Solution