The webMethods API Management Product Suite
The following diagram illustrates a typical scenario of products that make up the webMethods API management product suite.
In this scenario, webMethods API management suite products include the following:
webMethods API-Portal: In
API-Portal, API consumers browse the catalog of APIs that a provider has published. When the consumer finds an API of interest, the consumer can sign up and request an access token to download the API for further investigation and testing.
API providers who have an API administrator role in API-Portal can also view dashboards containing details about API run-time usage.
Provided with each API-Portal installation is a sample portal called SAGTours. The SAGTours sample provides an end-to-end scenario using CentraSite, Mediator, and API-Portal to demonstrate how the fictitious company SAGTours has customized the content as well as the look and feel of an out-of-the-box API-Portal. For details about installing the SAGTours demo and using it as a basis for customizing your own portal, see webMethods API-Portal Online Help.
CentraSite:
CentraSite provides a registry and repository for APIs and offers complete design-time governance of those APIs. API providers add APIs to
CentraSite by defining the APIs and their associated resources as objects. When APIs are ready to be made available to consumers, API providers publish the APIs from
CentraSite to
API-Portal.
CentraSite administrators do the following API management tasks:
Register instances of
API-Portal.
Manage API provider and API consumer user accounts.
Manage the API catalog.
Publish virtualized APIs to
Mediator.
Configure policies to be enforced at run time.
Manage API and OAuth2 keys and API access tokens.
When API providers add API services to CentraSite as assets, the providers can attach supporting documents to the API assets. Examples of such documents include input files containing WSDL or schema definitions, programming guides, sample code, legal notices and terms of use, and associated contracts and plans. When the APIs are published from CentraSite to API-Portal, these supporting documents are published to API-Portal as well.
webMethods Mediator:
Mediator provides complete run-time governance of APIs published to
API-Portal.
Mediator acts as an intermediary between service consumers and service providers.
Mediator also enforces access token and operational policies such as security policies for run-time requests between consumers and native services. Using
Mediator, API providers can do the following:
Enforce security, traffic management, monitoring, and SLA management policies.
Transform requests and responses into expected formats as necessary.
Perform routing and load balancing of requests.
Collect run-time metrics on API consumption and policy evaluation.
webMethods Integration Server:
Integration Server hosts
Mediator and initiates connections to
Enterprise Gateway.
Integration Server also orchestrates the services and provides the connection to back-end systems.
webMethods Enterprise Gateway:
Enterprise Gateway protects
API-Portal and the
webMethods products installed behind the firewall from malicious attacks initiated by external client applications. Administrators can secure traffic between API consumer requests and the execution of services on
Mediator by doing the following:
Filter requests coming from particular IP addresses and blacklist specified IP addresses.
Detect and filter requests coming from particular mobile devices.
Avoid additional inbound firewall holes through the use of reverse invoke.