The following diagram illustrates how the Publisher, Store, Gateway, and Key Manager components function in a distributed deployment and how the message flow happens between them.
Figure: APIM components in a distributed setup
Let's take a look at each component in the above diagram.
API Gateway
Responsible for securing, protecting, managing, and scaling API calls. For more information, refer to section API Manager Components.
API Publisher
Enables API providers to easily publish their APIs, share documentation, provision API keys, and gather feedback on API features, quality, and usage. For more information, refer to section API Manager Components.
API Store
Enables consumers to self-register, discover API functionality, subscribe to APIs, evaluate them, and interact with API publishers. For more information, refer to section API Manager Components.
API Key Manager Server
Responsible for all security and key-related operations. For more information, refer to section API Manager Components.
Load Balancers
The distributed deployment setup depicted above requires two load balancers. We set up the first load balancer, which is an instances of WSO2 Elastic Load Balancer (ELB), internally to manage the cluster. The second load balancer is set up externally to handle the requests sent to the clustered server nodes, and to provide failover and auto scaling. As the second load balancer, you can use an instance of WSO2 ELB or a third-party product.
Shared Databases
The distributed deployment setup depicted above share the following databases among the APIM components set up in separate server nodes.
User Manager Database : Stores information related to users and user roles. This information is shared among the Key Manager Server, Store, and Publisher. Users can access the Publisher for API creation and the Store for consuming the APIs.
- API Manager Database : Stores information related to the APIs along with the API subscription details. The Key Manager Server uses this database to store user access tokens required for verification of API calls.
- Registry Database : Shares information between the Publisher and Store. When an API is published through the Publisher, it is made available in the Store via the sharing registry database.
Message Flows
The 3 main use cases of API Manager are API publishing, subscribing and invoking. Described below is how the message flow happens in these use cases.
Publishing APIs
A user assigned the publisher role has capability to publish APIs. This is done via the Publisher server. When an API is published in the API Publisher, the API Gateway must be updated with this API so that users can invoke it. Because we are using a clustered Gateway, all Gateway server nodes in the cluster are updated with the published API details, enabling any of these Gateway nodes to serve API calls that are received.
When an API is published, it is also pushed to the registry database, so that it can be made available on the store via the shared database.
Subscribing to APIs
A user with the subscriber role logs into the API Store and subscribes to an API. The user must then generate an access token to be able to invoke the API. When the subscriber requests to generate the token, a request is sent to the Key Manager Server cluster. The token is then generated, and the access token details are displayed to the subscriber via the Store.
Invoking APIs
Subscribed users can invoke an API to which they have subscribed. When the API is invoked, the request is sent to the API Gateway server cluster. The Gateway server then forwards the request to the Key Manager server cluster for verification. Once the request is verified, the Gateway connects to the back-end implementation and obtains the response, which is sent back to the subscriber via the Gateway server.
Next, refer to Distributed Deployment Patterns.