Welcome to this course on API Management. This is a Level 100 course. My name is Robert Wunderlich. I'm a Product Manager with Oracle Cloud Infrastructure. In this course, we will discuss APIs and API gateway. We will walk through the steps to prepare a tenancy for API gateway, and we'll create some APIs. We will explore how we can use API gateway to create a protected HTTPS endpoint for an API, and how the gateway can apply policies that validate API requests, enforce authorization, work with runtime context, and transform API requests between our clients and our backend implementation. We will finish up with monitoring and managing APIs through logging and metrics. Let's get started.

What is an API and API gateway? The term API, or Application Programming Interface, has been around for a very long time. Developers use them in many of the popular programming languages, such as Java. Rather than implement everything from scratch, developers make use of libraries to accelerate their development simply by importing the libraries that they need. The developer interacts with pre-built capabilities via a well-designed API. We can refer to this as a local execution because the developer imports the necessary libraries into her project, but it is encapsulated, as the developer does not need to deal with the internal implementation of the API.

Web services share the fundamental principles of encapsulating the implementation, but have some distinct differences. Like their name indicates, they are typically available over the web. They are highly decoupled, meaning that a client application invokes the web service over the wire. The code for the web service does not typically run in the same context as the application that is using it. As a matter of fact, the web service is often written in a wholly different language than the client that is using it. As we've come to refer to web services as APIs, throughout this course, whenever we say API, we are talking about web services.
That's why we're talking about what the API is. We have clients, and those clients need to use functionality on a server. They connect to the server over the wire or the web service, which is a well-defined contract that we'll talk about in a moment. We need to be able to protect that endpoint because if that web service is available to the World Wide Web, anybody, not just the client we intend, could try to get to it. We use an API Gateway. That API Gateway provides an interface for the clients to be able to use, and it connects to the backend web services. The client is not aware of the implementation of the backend web service. The client just interacts with the API gateway.

Let's delve into the elements of an API. An API comprises a description, a set of policies, and an implementation. Beginning with the description, the description is a contract between the consumer and the provider. It describes the functionality of the API. There's a wide range of tools available for creating API descriptions. You can use Postman, Stoplight, Swagger Editor, Code Editor, and many more. The description is typically written in a format such as OpenAPI, which is an implementation-agnostic way to describe the behavior, and it's well-recognized in the industry.

When our API is being made available, that endpoint needs to be protected, and so we use the API gateway. The API gateway applies policies to enforce protection such as authorization. It also performs validation, transformation, and routing. Another benefit of using an API gateway is it can add metrics, alarms, and logging for that endpoint.

When implementing the actual functionality of the API, the choices are endless. You can implement on Oracle Kubernetes Engine, or you can use Helidon. You can have custom code running in Compute. You could create modern serverless APIs using Oracle Functions. You could work against the Autonomous Database and Oracle REST Data Services. You could work against a wide range of SaaS applications.
You can connect to just about anything with integration, or you can use any other technology.

The API gateway is a network-attached device, and it connects between the client and the backend servers. The clients from the outside connect through the gateway to the backend services, and of course, those services can be running in OCI or through OCI connected to your datacenter. The API gateway provides security, mediation, and monitoring.

The Oracle Cloud Infrastructure API gateway is a serverless policy enforcement point. It has authorization, rate-limiting, and routing, and it performs request validation. It also performs request and response transformation. To help ease the load on your backend services, it includes response caching. You can create both public and private endpoints, so you can have internal APIs running that are not accessible to the Internet, and you can also have public APIs. You can also set up custom domains so that you can have APIs under your own host names. The gateway also includes integrated logging and metrics, and you can also use Advanced logging analytics with API gateway.

As you're designing your APIs in OpenAPI 2 and 3, you can load those into the gateway, and you can quickly create API deployments that have built-in mock testing. As you deploy your APIs and make those available for developers to create applications and use them, you can generate SDKs so the developers can work with your APIs in the language of their choice.