I am happy to announce that as part of the Anypoint Platform June launch we introduced the following Anypoint Platform API offering capabilities that together enable significant efficiency and user experience boost for Anypoint Platform users.
- Single-click hybrid API management
- External Anypoint Enterprise Security OAuth support
- API Portals images and file attachments
- New API management policies
Let’s dig into each of these areas.
API owners want to have a way to expose their new or existing APIs through an API management layer with the least amount of work required. API program owners, that is the architects and administrators who typically own the API management services made available within an enterprise, want to ensure that APIs that are exposed are done so in a well governed manner: The Anypoint Platform has always provided strong capabilities to enable the goal of these stakeholders. The new single-click hybrid API management capability makes these stakeholders even more efficient.
One-click auto-deployment of API proxies to cloud API gateways was introduced back in February. In this release, we take this capability further by extending support to on-prem API gateways. API program owners can now make both cloud based as well as on-prem based gateway instances available to specific business groups and environments for their use. API owners can then choose any of the available gateway instances to proxy their APIs for management. With a single click, a proxy is then generated and automatically deployed to the target API gateway server of choice in a given environment.
The gateway servers, API proxies, their environments, and business groups are all managed through the new Anypoint Management Console with the benefit that all users, roles, fine grained permissions, and business groups for an organization are honored to enable a well governed process for the management of APIs and their underlying infrastructure.
Of course, users will have the choice of bypassing the one-click deployment and choose a manual “download then deploy” process instead – this is typically the path of choice for customers who want to introduce internal workflow controls on the management of APIs or require the modification of proxies to introduce more complex business logic through the power of Mule message processor components.
The Anypoint Platform has always supported the securing of APIs through OAuth. Support for this functionality has been possible through MuleSoft’s own Anypoint Enterprise Security (AES) OAuth server as well as through OOTB integration with PingFederate and OpenAM. This release extends the capabilities of our AES OAuth support by allowing for AES OAuth servers to be configured on stand-alone API gateways as opposed to having the servers be configured within the proxies themselves as was previously supported. The diagram below illustrates the high-level inner workings of this new functionality.
This new capability is powerful as it enables the separation of concern between the management of OAuth servers from that of API gateway servers. Typically, these servers are managed by different groups and have their own lifecycle cadence. Furthermore, AES based OAuth servers can also be used in combination with PingFederate or OpenAM based servers – something that administrators might want to consider for high scale configurations where many different environments exist and where the lighter weight AES OAuth server is sufficient for non-production environments.
API Portals support for images and file attachments
The Anypoint Platform Portal capabilities are designed to allow for rapid creation of a highly efficient API engagement layer in a high scale setting: Environments where 100’s if not 1000’s of APIs are present and need to be exposed with efficiency and consistency. In this release of the Anypoint Platform, we have furthered this aim with the introduction of the capability for API portal publishers to be able to add images and file attachments to the content of an API portal, as opposed to having to store the content separately and link to it.
Note that this capability is currently in beta as API version exports do not contain file and image attachments and images cannot be resized. We plan to promote this feature to GA in short order after addressing these two remaining areas.
New API management policies
And one just more thing… by leveraging the Anypoint Platform custom API policy framework, we have used the power of Mule integration components to build 11 new custom API Management policies. We have published these policies on Anypoint Exchange so that they may be leveraged for adoption by our customers – treat them as starting points and use/evolve them as you see fit.
The exchange directory has all of the details, but at a glance, here are the general areas that these policies cover:
- Message logging – Toggle header, payload, and/or analytics logging on a given API version with resource/method level filters.
- Transformation – Use the Mule Expression Language or XSLT to transform API requests and responses.
- Message filtering – Filter access to an API based on a Mule Expression language filter.
- Response caching – Decrease load and save cost on the calls to the backend APIs by using a cached version of a response.
- SAML and WS-Security – Covert from SAML to basic auth and vice-versa, or validate the WS-Security SAML assertions of incoming requests,
This concludes the overview of the exciting new capabilities that we have just introduced into the Anypoint Platform. Stay tuned for more to come!