Our client, a major company in the communications sector, had a system to publish APIs based on an Oracle solution OSB consuming services exposed in its corporate database (Oracle). In that same database tables they were allowing consumers to authenticate.
Issue:
This architecture did not allow escalation in operations and the design of new services because it lacked the necessary management tools for the government of APIs, and at the same time the system complicated a lot the policies needed to authorize and authenticate how the APIs are used and by whom.
Solution:
The project consisted of defining and monitoring the implementation of a robust and scalable architecture based in WSO2 products, to create a layer of API Management (can define API Management as the process to publish, promote and monitor APIs in a secure and scalable environment) .
It also includes all those resources focused and needed on the creation, documentation and socialization of the APIs, that will be integrated with an uncoupled Authorization layer. All of this using the same scheme of services that already existed based on Oracle OSB.
An outline of the solution is represented here:
WSO2 product ecosystem is supported on a suite that allows management of various scenarios for identity management and authentication and authorization processes .
Within the WSO2 ecosystem there is a product called Identity Server that meets all security requirements existing in most of the Information Systems.
As a summary, covers the following points:
Result:
Thanks to the solution , we were able to improve system functionality of the company, that can now meet its strategy of exposing APIs in a robust and scalable way .
It is an interesting project of integration between two of the main areas where are pivoting many modern digital transformation initiatives of companies. Only establishing a robust Identity Management and with a powerful management tool that you can support the so called API Economy .
To extend these concepts , we recommend you to see the following webinars where our Architects introduce both the API and the Identity Manager Server: