API Gateway Federation Support

[msm1992]

Problem

Businesses today are often managing tens of thousands of APIs. Different departments/teams within the organization might use different API gateways and event brokers to manage those APIs. As a result an organization's APIs will be scattered across a number of developer portals tied to the respective vendor’s gateways. This will,

• require the API developers to be familiar with multiple APIM solutions to govern their APIs
• require the API consumers to browse through mulitple API developer portals/catalogs to discover APIs

Proposed Solution

With Federated API Management, they will now be able to manage, secure, and publish APIs from a central location, regardless of which API gateway they are using. It also offers the ability to discover the APIs in use across the organization, import those APIs into a single control and management layer, and then publish them into a Developer Portal for self-service discovery, documentation, and subscription management.

Version

4.5.0

[msm1992]

Meeting Notes (27/11/2024)

Attendees : Sanjeewa, Tharindu, Nandika, Naduni, Sachini

• API Gateway fedeartion has several apects

  • ability to manage multiple gateways within an organization
  • support for unified API Management through a centralized control plane
  • support for unified API Consumption through a single gateway agnostic devloper portal

• The first two points are inter-related and can be addressed by allowing APIM users to create APIs from the wso2 publisher portal and deploy them in a thrid party gateway of their choice.

• Next we need to support displaying APIs deployed in multiple gateways in wso2 developer portal. This is already supppported with third party APIs. Need to check how to manage subscriptions and tokens in this case.

• It was decided to first explore the management APIs Mega Cloud vendors and see whether we can push/pull required data to support the story.

[msm1992]

Status Update (04/12/2024)

• Went through AWS API Gateway REST APIs, created a postman collection to import a rest API using the OpenAPI definition.
• Had a discussion with TharinduA about differences and similarities of AWS and WSO2 as a gateway.

Todo :

• Check OAuth2 support in AWS
• Evaluate apigee/azure gateways

[msm1992]

Status Update (13/12/2024)

• Had a discussion with TharinduA and below are the notes form the discussion.

  • we send the call to the 3rd party provider only when the API is deployed from the WSO2 portal. Until then all API details are kept on WSO2 side only.

  • Reagrding OAuth 2.0 support in apigee, no need to check on their policy based approach. Intead check the third party OIDC token flow. Here we will configure
    WSO2 as a trusted OIDC provider in Apigee, so that apigee API will be invokable with the WSO2 token.

  • Bring in supported gateway type to operation policies again. No need to bother about the synapse/xml formats. We will only be sending the required params to enable
    the policy on other gateway. So general policies like, set_header, set_query_param will be applicable to all gws alike.

More Research on Policy support in cloud vendors

• is there a REST API to attach a policy to an API in Azure: yes, but that expects the policy config value in payload.
  API Level Policy : https://learn.microsoft.com/en-us/rest/api/apimanagement/api-policy/create-or-update?view=rest-apimanagement-2024-05-01&tabs=HTTP
  Operation Level Policy: https://learn.microsoft.com/en-us/rest/api/apimanagement/api-operation-policy/create-or-update?view=rest-apimanagement-2024-05-01&tabs=HTTP
• is there a REST API to attach a policy to an API in Apigee:
  Could not find a REST API for this: we can do this by using the import + proxy configuration bundle approach in create api/revision flow.
• is there a REST API to attach a policy to an API in AWS: Mapping templates, Message mediation through lambda integration (out of scope for this feature)
  https://docs.aws.amazon.com/apigateway/latest/api/API_PutIntegration.html
• In all 3 cases we need to send in the policy content, in whatever the format expected by the GW (Aure-xml, Apigee-xml, AWS: VTL)