O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Implementing Oracle API Platform Cloud Service

Book Description

Work with the newest Oracle API Platform Cloud Service to interface with the increasingly complex array of services your clients want.

About This Book
  • Understand the architecture and functionality of the new Oracle API Cloud Service Platform
  • Understand typical use cases for the new platform and how it can work for you
  • Design your own APIs, then deploy and customize your APIs
  • Implement Oauth 2.0 policy and custom policies
  • Migrate from Oracle 12c solutions to the new Oracle API platform
Who This Book Is For

This book is for all Oracle developers who are working or plan to work with the Oracle API Platform Cloud Service.

What You Will Learn
  • Get an overview of the Oracle API Cloud Service Platform
  • See typical use cases of the Oracle API Cloud Service Platform
  • Design your own APIs using Apiary
  • Build and run microservices
  • Set up API gateways with the new API platform from Oracle
  • Customize developer portals
  • Configuration management
  • Implement Oauth 2.0 policies
  • Implement custom policies
  • Get a policy SDK overview
  • Transition from Oracle API Management 12c to the new Oracle API platform
In Detail

Implementing Oracle API Platform Cloud Service moves from theory to practice using the newest Oracle API management platform. This critical new platform for Oracle developers allows you to interface the complex array of services your clients expect in the modern world.

First, you'll learn about Oracle's new platform and get an overview of it, then you'll see a use case showing the functionality and use of this new platform for Oracle customers. Next, you'll see the power of Apiary and begin designing your own APIs. From there, you'll build and run microservices and set up the Oracle API gateways.

Moving on, you'll discover how to customize the developer portal and publish your own APIs. You'll spend time looking at configuration management on the new platform, and implementing the Oauth 2.0 policy, as well as custom policies. The latest finance modules from Oracle will be examined, with some of the third party alternatives in sight as well.

This broad-scoped book completes your journey with a clear examination of how to transition APIs from Oracle API Management 12c to the new Oracle API Platform, so that you can step into the future confidently.

Style and approach

This book provides comprehensive coverage of all aspects of Oracle API development using the new Oracle API Platform Cloud Service. All aspects of the new Oracle API Platform Cloud Service are considered and your practical, working Oracle situations are examined to give you have hands-on experience using the new API platform from Oracle.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Implementing Oracle API Platform Cloud Service
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Foreword
  5. Contributors
    1. About the authors
    2. About the reviewers
    3. Packt is searching for authors like you
  6. Acknowledgments by All Authors
  7. Preface
    1. What is an API?
    2. 3rd generation APIs
    3. What this book covers
    4. How we have approached this book
    5. What you need for this book
    6. Who is the book for?
      1. Conventions
      2. Reader feedback
      3. Customer support
        1. Downloading the example code
        2. Download the color images
    7. Errata
    8. Piracy
    9. Questions
  8. Platform Overview
    1. What is the Oracle API platform?
    2. Evolution of Oracle's API offering
    3. Platform architecture
      1. Components description
        1. Management portal
        2. APIs page
          1. The API implementation page
          2. The implementation section
          3. The deployment section
          4. The publication section
          5. The grants section
          6. Registration section
          7. The analytics section
        3. Applications page
          1. The settings section
          2. Grants section
        4. The gateways page
          1. Settings section
          2. Properties section
          3. Nodes section
          4. Deployments section
          5. Grants section
          6. The analytics section
        5. The services page
          1. The settings section
          2. The grants section
        6. Service accounts page
          1. The settings section
          2. The grants section
        7. The roles page
        8. Users and groups
        9. Platform settings page
          1. General settings section
          2. Developer portal settings section
      2. Development portal
        1. The API page
        2. The API documentation section
        3. API subscription
      3. My applications page
        1. The overview section
        2. Subscribed APIs section
        3. The grants section
        4. The analytics section
      4. Management service REST APIs
      5. API plans
      6. Apiary
        1. The Apiary account
        2. Apiary views
          1. Apiary personal view
          2. Apiary editor
          3. Inspector
          4. Documentation
          5. Testing with Apiary
          6. Apiary settings
          7. People
          8. Apiary team view
          9. APIs
          10. Styles
          11. People
          12. Settings
          13. Billing
          14. Account settings
    4. Summary
  9. Use Case
    1. Scenario
      1. Use case opportunities
    2. IT landscape
      1. Financial processes
      2. Recorded material and related assets
      3. Contracts
      4. Identities
      5. Audit trail
    3. Logical data view
    4. API requirements in detail
      1. Product
        1. Product for partners
        2. Product for composers and artists
        3. Product availability
    5. Structuring the design approach
      1. Exploring OMESA
        1. Single purpose versus multipurpose APIs
        2. Semi-decoupled and fully decoupled
        3. Bounded context
    6. Next steps
    7. Summary
  10. Designing the API
    1. Scenario
    2. The API design-first process
      1. Step 1 – defining the API type
        1. Single-purpose APIs
        2. Multi-purpose APIs
        3. MRA's Media Catalogue API – public and multi-purpose
      2. Step 2 – defining the API's domain semantics
      3. Step 3 – creating the API definition with its main resources
      4. Step 4 – trying the API mock
      5. Step 5 – defining MSON data structures
      6. Step 6 – pushing the API blueprint to GitHub
      7. Step 7 – publishing the API mock in Oracle API platform CS
      8. Step 8 – setting up Dredd for continuous testing of API endpoints against the API blueprint
    3. Summary
  11. Building and Running the Microservice
    1. What is a microservice?
      1. Understanding the technical requirements
    2. Building the Microservice
      1. Step 1 – install Node.js and MongoDB
      2. Step 2 – create the skeleton of the Media Catalogue Microservice
      3. Step 3 – define the structure of the Media Catalogue Microservice
      4. Step 4 – configure the Media Catalogue Microservice
      5. Step 5 – define the data entity
      6. Step 6 – code the interaction with the database
      7. Step 7 – define the controller function
      8. Step 8 – route the incoming request to the new controller function
      9. Step 9 – test the microservice
      10. Step 10 – package and deploy the microservice
      11. Step 11 – updating the API endpoint and re-test using Dredd
    3. Summary
  12. Platform Setup and Gateway Configuration
    1. Platform architecture
    2. The concept of logical and physical gateways
      1. Avoiding network latency for global deployments
    3. Deployment for the use case
      1. How many nodes
      2. How many logical gateways
        1. How much storage?
        2. Gateway design decisions in our use case
      3. One cloud management or several?
        1. Single management instance
        2. Multiple management instances
      4. MRA's approach number of cloud management instances
      5. Firewall or no firewall
      6. Load balancing
        1. Web proxies
        2. Content Delivery Networks (CDNs)
    4. Prerequisites to allow the API platform to be built
      1. Background to the account types
    5. Building the cloud
      1. Default roles and users
      2. Creating users inside API platform
        1. Configuring Oracle traffic director
        2. Network-based access controls
      3. Setting up Apiary
        1. Configure developer portal look and feel
      4. Gateway life cycle and deployment
        1. Gateway configuration
        2. Where to get the logical gateway ID
        3. Configuration JSON properties
        4. Gateway prerequisites
        5. Retrieving the gateway deployment package
        6. Actioning the gateway deployment
          1. Unpacking
          2. Install
          3. Configure
          4. Start
          5. Create
          6. Join
        7. Making the gateway production ready
          1. Linux security
          2. Log analytics
          3. Dealing with certificates
          4. Gateway lockdown
    6. Summary
  13. Defining Policies for APIs
    1. Background
      1. Common security threats
        1. Denial-of-service attacks (DoS)
        2. Payload attacks
      2. Role of the gateway
      3. HTTP and HTTPS
      4. Throttling
      5. Implementing APIs for MRA
      6. Understanding policies
      7. General guidelines for designing policies
    2. Request and response pipeline policies
    3. Defining polices
      1. Inbound policies
      2. Outbound policies
      3. Defining rate limiting policies
        1. API rate limiting policies
          1. Steps to create a rate limiting policy
        2. Application rate limiting policies
          1. Creating an application rate policy
        3. Testing the policy
      4. Lightweight authorization checks
        1. Creating an API key policy
        2. Testing the API key
      5. Logging
        1. Enabling logging
      6. Interface filtering
        1. Creating an interface filter
        2. Testing the policy
      7. Cross origin resource sharing (CORS)
        1. Creating a CORS policy
        2. Testing the CORS policy
      8. Gateway-based routing
        1. Creating a gateway-based routing policy
      9. Resource-based routing
      10. Groovy policies
      11. Response policies
      12. API policy iterations
      13. Monitoring APIs
    4. Summary
  14. Testing APIs with API Fortress
    1. What is API Fortress?
      1. Test management
      2. Monitoring
      3. Continuous deployment
      4. Tools
    2. Test the MRA Media Catalogue API
      1. Create Media Catalogue test case
      2. The GetArtistById test case
      3. Test using the Jenkins plugin
    3. Summary
  15. Implementing OAuth 2.0
    1. OAuth 2.0 overview
      1. Client credentials
      2. Resource owner password
      3. Implicit
      4. Authorization code
    2. MRA use case
    3. Implementation steps
      1. Step 1 – obtaining an Oracle identity cloud account
      2. Step 2 – configuring an Oracle identity cloud resource server 
      3. Step 3 – configuring an Oracle identity cloud client application
      4. Step 4 – adding users and groups to client application
      5. Step 5 – configuring the API platform gateway
      6. Step 6 – applying OAuth 2.0 policies to APIs
    4. Summary
  16. Implementing Custom Policies
    1. What is Groovy?
    2. Why provide Groovy for logging?
    3. How Groovy custom policies work?
      1. APIs to access call data
      2. How to reject an API call in a Groovy policy?
      3. Recognizing Groovy errors
      4. Groovy policy illustration
        1. Addressing a problem with a simple Groovy policy
      5. Building our API
        1. Run the test
      6. Implementing a Groovy policy for an API response
      7. A closer look at Groovy language limitations
    4. Custom Java policies
      1. Composition of a custom Java policy
      2. Creating a custom policy for MRA
      3. Getting geolocation information
      4. Simplifying the development process
      5. Using an IDE
      6. Build properties
      7. Build process
        1. Presentation definition
        2. Supporting JavaScript
        3. Localization of the UI
        4. UI Backend for validating configuration
        5. Backend implementation
      8. API runtime
      9. Metadata
      10. Additional libraries
      11. Deployment
      12. Current constraints
    5. Custom policies – which policy type to use?
    6. Summary
  17. Moving from API Management 12c to APIP CS
    1. Oracle API management suite 12c
      1. Oracle API manager 12c overview
      2. Oracle API gateway 11g
      3. Oracle API Platform Cloud Service
      4. Mapping of personas and roles
      5. Architectural differences
      6. Strategy for transitioning APIs from OAPIM 12c to APIP CS
        1. API re-implementation design
        2. Service implementation
        3. API definition and API-first design
        4. API creation/policy implementation
        5. API testing
        6. API switch-over strategy
      7. Defining API policies
      8. Adding API documentation
      9. Deploying endpoints
      10. Testing the API
      11. Publication of the API
      12. Analytics
    2. Summary
  18. Another book You May Enjoy
    1. Leave a review - let other readers know what you think