Forum Stats

  • 3,853,644 Users
  • 2,264,249 Discussions


Oracle API Management Solution and Components involved - suggestion and feedback

Hi All,

We are currently working on a framework for Mobile applications, where we will be exposing a few REST APIs for external mobile app developers to consume. We are planning on using OAG and OSB as follows:

OSB - The orchestration logic and the API implementation will be carried out in this component.

OAG - This will be used as a proxy to the back end API and as the first line of defense. We are using OAuth 2.0 to secure our APIs, and OAG will be used as the OAuth Authorisation server. That means, the application management and the access token management will be carried out in this component.

Now, I have been doing some reading on the API management solution offered by Oracle and came across two new components, namely, the Oracle API Manager and the Oracle API Catalog. I have a few questions on these components.

Oracle API Manager - From my understanding, this component extends the OSB and can be used to create and publish APIs to the external vendors consuming the APIs (say app developers). And it also provides API security (by generating an access key). I am trying to understand where does this component sit in the API management solution. As in, can we use this component to define and design APIs just like specs like RAML or Swagger? Also, how is this different to OAG when it comes to API security (is this access key different to client ID and client secret used in OAuth and is this access key required to be sent to external apps?).

Oracle API Catalog (OAC) - How it this different to the Oracle API Manager? Is this more for internal developers, helping them to discover and understand what the OSB services (APIs) do; more like a documentation of the OSB services?

I have read a few articles on these components, but finding it hard to get my head around it and understand how these are really used as an API management solution. Any suggestions and feedback from people who have worked on these components will be greatly appreciated.

Also, one last question - is there a way we can define, and document the REST APIs (specifications) like how tools like Swagger and RAML does, in Oracle? Or import Swagger or RAML files to document the REST API specs in any Oracle tool/component? I am not sure if the Oracle API Manager is the answer to this.