WSO2 APIM Components

WSO2 API Manager includes five main components as the Publisher, Store, Gateway, Traffic Manager and Key Manager.

• API Gateway - responsible for securing, protecting, managing, and scaling API calls. it intercepts API requests and applies policies such as throttling and security checks. It is also instrumental in gathering API usage statistics.
• API Store - provides a space for consumers to self-register, discover API functionality, subscribe to APIs, evaluate them, and interact with API publishers.
• API Publisher - enables API providers to easily publish their APIs, share documentation, provision API keys, and gather feedback on API features, quality, and usage.
• API Key Manager Server - responsible for all security and key-related operations. When an API call is sent to the Gateway, it calls the Key Manager server and verifies the validity of the token provided with the API call.
• API Traffic Manager - regulate API traffic, make APIs and applications available to consumers at different service levels, and secure APIs against security attacks. The Traffic Manager features a dynamic throttling engine to process throttling policies in real-time, including rate limiting of API requests.
• LB (load balancers) - In distributed deployment requires two load balancers.
  - First load balancer (NGINX Plus) to manage internally cluster.
  - Second load balancer is set up externally to handle the requests sent to the clustered server nodes, and to provide failover and autoscaling. It may be NGINX Plus or any other third-party product.
• RDBMS (shared databases) - The distributed deployment setup depicted above shares the following databases among the APIM components set up in separate server nodes.
  - User Manager Database : Stores information related to users and user roles. This information is shared among the Key Manager Server, Store, and Publisher
  - API Manager Database : Stores information related to the APIs along with the API subscription details. The Key Manager Server uses this database
  - Registry Database : Shares information between the Publisher and Store

Note

• It is recommended to separate the worker and manager nodes in scenarios where you have multiple Gateway nodes

Message Flow

The three main use cases of API Manager are API publishing, subscribing and invoking.

WSO2 API Manager deployment patterns

• Pattern 1 (Single node)
  All-in-one deployment

• Pattern 2 (Partially Distributed Deployment)
  Deployment with a separate Gateway and separate Key Manager
• Pattern 3 (Fully distributed setup)
  It contains scalability at each layer and higher flexibility at each component

• Pattern 4  (Internal and external / on-premise API Management)
  This pattern require a separate internal and external API Management with separated Gateway instances
• Pattern 5 (Internal and external /public and private cloud API Management)
  It maintain a cloud deployment as an external API Gateway layer

Database Configuration for Distributed Deployment

API Manager Profiles

The following are the different profiles available in WSO2 API Manager.

• Gateway manager: Acts as a manager node in a cluster. This profile starts frontend/UI features such as login as well as backend services that allow the product instance to communicate with other nodes in the cluster.
• Gateway worker: Acts as a worker node in a cluster. This profile starts the backend features for data processing and communicating with the manager node.
• Key Manager: Handle features relevant to the Key Manager component of the API Manager.
  Traffic Manager: Handle features relevant to the Traffic Manager component. The Traffic Manager helps users to regulate API traffic, make APIs and applications available to consumers at different service levels, and secure APIs against security attacks. The Traffic Manager features a dynamic throttling engine to process throttling policies in real-time, including rate limiting of API requests.
• API Publisher: Only starts the front end/backend features relevant to the API Publisher.
• Developer Portal: Only starts the front end/backend features relevant to the Developer Portal (API Store).