X

PaaS Partner Community

When Creating APIs, Focus your API Gateway on What it Does Best by Robert Wunderlich

Juergen Kress
PaaS Partner Adoption

image

When talking with customers and prospects, I often hear about two requirements; converting REST to SOAP or SOAP to REST and Caching of data for performance.

These are great opportunities for an API Gateway, but should be used with extreme caution. Misuse of either of these features can cause performance problems in your gateway or even worse, putting your sensitive data at risk!

Using an Integration Platform with an API Platform provides the opportunity to follow some best-practice approaches to data isolation as well as scaling of certain heavy-weight operations. Furthermore, by separating these concerns, sensitive data is better protected

First, let's look at the key purposes of an API Platform and an Integration Platform.

The API Platform is responsible for the following:

    • Protecting end-points: Only allowing authorized clients to call services. An authorized client is one who is properly authenticated (AuthN), has the appropriate rights (AuthZ) and has not crossed usage thresholds (rate-limiting), etc. If a client is not properly authenticated or authorized, they should be stopped at the "front-door" or DMZ
    • Discoverability: We want to promote usage of APIs. We need our developer base to be able to find, learn about and try our APIs. Our developers need to have a way to onboard to use the APIs. Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Technorati Tags: SOA Community,Oracle SOA,Oracle BPM,OPN,Jürgen Kress

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.