Deployment topologies
http://ibmapimanagementonlinetraining.blogspot.com/2015/05/deployment-topologies.html
Deployment topologies
An
API Management solution is deployed to facilitate the development of
applications (apps). The apps may be created by one or more of the following
developers:
- Internal developers behind the firewall
- Third-party trusted developers, for example business partners or mobile app agencies
- Unknown public developers
If the apps are developed internally, then the
APIs need not be exposed to external developers, such as the partners or
public. An API Management layer is effective in providing a uniform integration
layer for internal app developers who wants the straightforward REST/JSON based
data access and it complements a SOA strategy.
Mobile enterprise
application platforms
Where mobile apps are developed, a
mobile enterprise application platform (MEAP) might be used. The MEAP, such as
IBM Worklight, might contain mechanisms and adapters for integration to data
services and include accessing HTTP resources such as APIs. The MEAP is
typically placed inside the enterprise and protected by a secure gateway.
Using an externally exposed API
through the MEAP integration, adapters add latency to the call and thus the
mobile application calls the API directly. For internally exposed APIs using
the MEAP integration, adapters are used.
Internal API exposure
In
this topology, APIs are exposed only to internal app developers.
The topology of exposing the internal APIs is shown in below Figure . Here, the
mobile application makes calls to a MEAP adapter (shown as IBM Mobile
platform), which then makes the call to the API Management layer or other
integration middleware such as an enterprise service bus(ESB).
Fig:Internal API exposure for mobile applications
External API exposure
Socializing
and exposing the APIs is a common approach and requires that the API Management
solution is fully secure. The gateway tier within IBM API Management is
implemented with IBM DataPower and provides security functionality inherent
within that solution
Control over app developer usage is
still possible through approval processes, and only registered developers and
their registered applications can gain entitlement to the API resources. The
topology for exposing APIs externally for mobile applications is shown in below
Figure. This differs from above Figure in that the mobile application makes a
call directly to the API management
layer which then provides the integration service to cloud or back-end data
sources.
Fig: Exposing
APIs externall