WSO2 API Manager

It can be installed on premise or it can be used in its cloud version. The cloud is a beta version. We will only consider the on premise versio. Thinking about an on premise solution you are responsible of deploy an environment that provides availability, scale capabilities, and low latency for all subscribers.

Set up

In order to create a preproduction environment all the components can be installed, configured and run in the same machine.

In order to create a production environment the different components (API Publisher, Gateway, Store, Key Manager, and 3 MySQL Databases) should be installed in separate servers. Multiple instances of these components should be set up behind a load balancer in order to provide high availability.


Additionally, a monitoring component could be included. Different configurations must be applied to each component.


A publisher can publish an API manually, using a WSDL in a SOAP Endpoint or other API definition file for another type of service.

A subscriber can discover and subscribe to an API throw Store component. After that she can invoke the API using SOAP or REST clients.


Reverse Geocoding: Google Maps API

Provider: Google Inc.
Provider Client Libraries: Javascript, Java, Python, Android, iOS
Multiple Languages: Yes
Limitations: 2,500 free requests per day, 10 per second
Price: Free: 2,500 requests per day


Pay as you go: $0.50 USD / 1000 additional requests, up to 100,000 daily.


Google Maps API for Work: it depends on the purchased quota

Example request:,-73.961452&key=APP_SPECIFIC_API_KEY

Example response:

	"results" : [
		"address_components" : [
				"long_name" : "277",
				"short_name" : "277",
				"types" : [ "street_number" ]
				"long_name" : "Bedford Avenue",
				"short_name" : "Bedford Ave",
				"types" : [ "route" ]
				"long_name" : "Williamsburg",
				"short_name" : "Williamsburg",
				"types" : [ "neighborhood", "political" ]
				"long_name" : "Brooklyn",
				"short_name" : "Brooklyn",
				"types" : [ "sublocality", "political" ]
				"long_name" : "Kings",
				"short_name" : "Kings",
				"types" : [ "administrative_area_level_2", "political" ]
				"long_name" : "New York",
				"short_name" : "NY",
				"types" : [ "administrative_area_level_1", "political" ]
				"long_name" : "United States",
				"short_name" : "US",
				"types" : [ "country", "political" ]
				"long_name" : "11211",
				"short_name" : "11211",
				"types" : [ "postal_code" ]
		"formatted_address" : "277 Bedford Avenue, Brooklyn, NY 11211, USA",
		"geometry" : {
			"location" : {
				"lat" : 40.714232,
				"lng" : -73.9612889
			"location_type" : "ROOFTOP",
			"viewport" : {
				"northeast" : {
					"lat" : 40.7155809802915,
					"lng" : -73.9599399197085
				"southwest" : {
					"lat" : 40.7128830197085,
					"lng" : -73.96263788029151
		"place_id" : "ChIJd8BlQ2BZwokRAFUEcm_qrcA",
		"types" : [ "street_address" ]
		... Additional results[] ...

API Management

What is it?

Creating a centralized API architecture that makes the process of composing, securing and managing high-performance interfaces significantly simpler and more consistent.

API Management helps organizations publish APIs to external, partner and internal developers to unlock the potential of their data and services. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security and protection.

Main areas

  • API Security—Enterprises cannot afford misuse or abuse of their information or of any application resources exposed by an API.
  • API Lifecycle Management—Enterprises need a way to ensure API updates do not break when they upgrade/version APIs or move between environments, geographies, datacenters and the cloud.
  • API Governance—Enterprises need a way to control and track the broader operational character of how APIs get exposed to different partners and developers, through policy characteristics like metering, SLA, availability and performance.
  • Developer Enablement and Community Building—Enterprises need a way to bring developers on board, manage these developers and assist them in making the most of the exposed APIs.
  • API Monetization—For some enterprises, publishing APIs is not enough. APIs also represent a new revenue opportunity. Different API Management solutions enable monetization to different degrees. For enterprises, addressing these functional requirements is non-negotiable. However, along with these functional requirements, an enterprise will expect its API Management solution to deliver certain operational characteristics relevant to its unique IT experience.
  • Solution Manageability—Enterprises have development, test and production environments that span geographies, datacenters and clouds. They will therefore need an API Management solution that can fit their specific development styles and processes.
  • Solution Reliability—Enterprises publishing APIs commercially expect 5 9’s uptime, if not greater. Enterprises cannot afford outages.

Main features

  • API Integration – Ensure consistency between multiple API implementations and versions.
  • Documentation (Doc) – One of the most common problems of developers is figuring out how an API works. Development time is too precious to waste in trial and error of an undocumented API. An API management service has to provide an easy way to read the documentation and enable developers to “try before they buy”. In some cases it is even possible to provide interactive documentation. Simplicity and usability are the keys.
  • Analytics and Statistics (A&S) – It is critical to understand how people use your API and get insights for your business.
  • Deployment (Dep) – Should be flexible and support public or private clouds, on-premises implementations, or combinations.
  • Developer engagement (Dev) – Engaging with your API consumers, developer or partners is important. Getting an easily accessible developer portal will significantly facilitate onboarding.
  • Sandbox environment (SBE) – This feature will increase both the value of an API and its adoption rate, making easy to test code.
  • Traffic management (Tra) and caching abilities (Cch).
  • Security (Sec) – APIs carry sensitive data, so it is important to protect the exposed information. The service has to at least provide identity and access management for users and developers.
  • Monetization (Mon) – Provide the capability to monetize your API.
  • Availability (Ava) – Should be available, scalable and redundant. An API environment can become demanding and the service should be able to deal with any kind of errors, problems or temporary traffic spikes.


  Doc A&S Dep Dev SBE Tra Cch Sec Mon Ava
3scale Yes Yes   Yes   Yes   Yes Yes  
Akana Yes Yes   Yes         Yes  
Amazon API Gateway   Yes No       Yes Yes   Yes
ApiAxle   Yes Yes     Yes        
Apigee   Yes           Yes Yes Yes
Axway     Yes         Yes   Yes
Azure API Management Yes Yes Yes Yes No Yes Yes Yes No Yes
CA Layer 7   Yes   Yes   Yes   Yes Yes Yes
IBM API Management   Yes   Yes       Yes   Yes
Mashape Yes Yes   Yes       Yes Yes Yes
Mashery   Yes   Yes   Yes   Yes    
Mulesoft   Yes Yes     Yes   Yes    
Oracle SOA Yes Yes   Yes       Yes    
WSO2 Yes Yes Yes Yes Yes Yes Yes Yes Yes No

* White boxes indicate that no documentation about subject could be found on the first looks

Summary of the main stage #dotNetSpain2016

Yesterday was the .Net Conference at Kinepolis Madrid. The schedule was really huge but, lucky me, I could not assist so I did not have to choose and only could see the streaming of the main stage.

The starting keynote was carried out by Jose Bonin. Jose was talking about the future, about the great things that technology will give us. He talked about different things like just-in-time translation with skype or homomorphic encryption to operate with encrypted data. He shared the stage with Alberto Diaz, he showed a factory robot and talked about interfaces, IA and stuff like that.

After that, Chema Alonso talked about security with examples specially focused on Microsoft technologies. He did a Pen test to site. Chema is always amazing and funny.

The most expected talk by social networks was the the keynote of Satya Nadella (CEO@Microsoft).

He talked about the great moment to be a .Net developer, and says that they are giving us a single development model to create programms for all their technologies. You can use .Net to implement Machine Learning algorithms and an interface for Hololens.

The first in the afternoon was Hugo Biarge (the last at the morning for Spanish people as he said). He talked about Authentication and Authorization with the new version of ASP .Net. The new model (Imperative Authorization) is based on policies and claims, no more user and roles (roles stay but they are not recommended). Active Directory and Identity Server are the main characters to do this.

After lunch break, Luis Ruiz Pavón talked about the new .Net framework (and ASP .Net). It was crazy because Microsoft changed all things. I wrote a post two weeks ago about what is coming, this post was published yesterday and it has a lot of mistakes because they changed all: environment, commands, even the names!

Eduard Tomas presented all the news of MVC6, a lot of changes. It will be like learn a new framework (I tested it and I cannot recommend it for production projects at this moment). Nowadays it is hard to be up to day but necessary to do our job, isn’t it?

Last ones over the stage were Francesc Jaumot and Jose Cousiño. They did a demo with a lot of code, teaching how to use Visual Studio Code to develop a single page application using Angular 2 (the TypeScript flavor) in the frontend and ASP .Net Core 1 in the backend. It was a talk with a lot of problems but they were ready to jump obstacles and in the end all worked.

All of them were really interesting, and I suggest you see the linked videos.

At the end of the day everybody was surprised with the information of Microsoft acquiring Xamarin. Me too, but it has perfect sense attending changes coming that we saw during the #dotNerSpain2016.