API Governance Sample


  • Control and track the broader operational characteristics of how APIs get exposed.

  • Manage and maintain policy characteristics such as metering, SLAs, availability and performance.

  • Policy management specific to different partners and developers.

  • People and persona-driven governance models (who can do what and when).

  • Dependency analysis; track which services fuel which APIs and which APIs fuel which apps.

Business story

  • Assume that there is an organization that needs to get data related to their API usage. They need to give more traffic to the API’s that are accessed frequently. Out of those APIs, they need to give more traffic to a particular resource in a particular API.

  • This organization has a separate unit that needs traffic management policies to manage their API’s separately.

  • There are users that only need to invoke the APIs. They are not offered API developer capabilities.

  • They need to know how the services are consumed by the end users.

Business use cases

  • ABC company is a mobile phone manufacturing company. Assume they had a requirement to publish mobile phone stock availability through an API and they need to give more traffic availability to this API’s getStock resource.

  • They have a separate finance department to which they need to allocate less traffic since this API is only accessed by the finance department.

  • They have users that do not have privilege to develop the APIs and only have rights to consume the APIs.

  • They need to monitor the API usage, to manage the traffic allocations of the APIs.

How this business scenario is achieved using WSO2 API Manager

  • Place the wso2am-analytics-2.2.0-updateX pack in the same location as the wso2am-2.2.0-updateX pack.

  • Custom advanced throttling policies for the APIs.

  • A separate tenant is required for the finance department and custom advanced throttling policies are required for that tenant.

  • Two APIs; one for the super tenant, that exposes the mobile phone prices and the other for the tenant created for the finance department, which is a private API that retrieves salary details of the employees.

  • Engage the new advanced throttle policies with the two newly created APIs above.

  • Create a user who does not have permission to the Publisher.

  • Invoke the APIs and check the analytics graphs to check the API usability statistics.

Below are the screenshots that show the old and new APIs with their respective lifecycle states.

Created API for super tenant

Created API for finance department

Engaged advanced throttle policy for the stock GET request in super tenant

Alex can log in to the Developer Portal

Alex cannot log in to the Publisher since it has been restricted

Advanced throttling policy engaged to finance department

Add advanced throttling policies in the Admin app

After users start invoking APIs, statistics appear in the Publisher, as shown below:

Running the sample to populate the sample data

  • Start the wso2am-analytics-2.2.0-updateX distribution.
  • Start wso2am-2.2.0-updateX, after starting the APIM analytics node.
  • Go to <API-M_HOME>/sample-scenarios . Execute the run.sh file. Enter the scenario number as 9, when prompted.

User credentials needed for log in

User Username Password
Super tenant admin admin
Store only alex 123123
Finance department user [email protected] 123123