Saturday, 4 June 2016

Oracle Api Gateway

Oracle API Gateway : accelerates ,governs,secures,web api and SOA based systems.
 
Serves rest API and Soap Web services to client.

  1. Converts REST to Soap
  2. Converts XML to Jason
  3. Supports other protocols also - FTP,SFTP,FTPS,TIBCO Rendezvous and EMS,JMS.
  4. Caching and traffic management
  5. Monitoring of API and service usage.
  6. Content filtering.
  7. Authentication : O auth,certificate auth,HTTP auth,WS Security.



      Basic Architecture (Image 1) :
   
 





      Basic Architecture (Image 2) :
















What It Does?

a) OAG is installed in the RED Zone.t’s a software appliance that can provide application-level routing (base on source, on destination, sender’s identity and XML content); it can do XML conversion and XML Validation or scan incoming message for any known threats, provide XML acceleration to save on performance on processing heavy payload. It provides decent level of monitoring and altering feature to its administrator.


b) OAG’s main purpose is to provide the “First Line Of Defense” by filtering out malformed message, xml bombs, XML Denial of service (XML DoS), SQL injection, XPATH Injection from the external consumer. Once the message is filtered , the message is then forwarded to the GREEN Zone which is the last security. After entering the GREEN Zone the message is Authenticated, Authorized and Audited by OWSM before it’s delivered to the backend web service for processing.


c) OAG can virtualize a web services location, thereby hiding its real location and implementation details from its external consumers keeping it safe from attacks. OAG provide various inbuilt Out-of-the-Box filters that can be implemented in message circuit to filter external messages from threats. It can throttle the inbound message flow.





Oracle API Gateway Installation :


Oracle API Gateway has three distinct components :


a)Oracle API gateway:

 It is a standalone software platform that does not run on WebLogic and should be deployed in your DMZ to guard against external threats such as Denial of Service (DOS) attacks, injection and malicious  code (like SQL or XPath injection), confidentiality integrity (like sniffing and parameter tampering), reconnaissance attacks (like directory reversal) and privilege escalation attacks (like race conditions and buffer overflow).



 























b)Oracle API gateway Studio:

 Along with the API Gateway Manager  this is perhaps the most important tool that Oracle API Gateway provides.  It is a graphical tool used to virtualize APIs and develop policies in a flow-chart style with a drag and drop UI that should be familiar to anyone who has worked with Service Bus or SOA Suite.




 













c)Oracle API gateway Analytics:
 
   This web-based console provides the ability to monitor and report on all API Gateways in the domain over an extended time period.  It can help administrators to analyze what APIs are used, how often APIs are used, when APIs are used, and who is using APIs.  It can also schedule reports in PDF format to be emailed to specific users.




















1 comment:

  1. Hi,

    Do you provide production support to fix issues in OAG.

    Thanks,
    Anil.

    ReplyDelete