As an API owner, I want to make weather information available in a programmable way. The marketing department wants to automate its mailings for bank services information. They have noticed that people react differently depending on the weather; for example, they only save for a rainy day if it is a rainy day. They require an API that provides a forecast so they know when to schedule a mailing, and they need an API that gives them the current weather. The requirement is for Bangkok at the moment; it might be needed for other cities in the future.
You have found an API at openweather. Since you expect more departments to need this API, and your company policy is to have a “time to hello, world!” of less than 10 minutes, you want to make a simplified version of the complex API available from the internal developer portal.
Access to backend API:
Your API key = 7369b7d2c2cd0aed3e2cacd6d6686e4 (this key is currently not valid)
Reading through the documentation, you have found a method for getting the current weather in Bangkok.
You have also found a method for getting a five-day forecast in Bangkok.
In this practice you will use the API manager (as the security team or the API provider) and you will use the developer portal as an API consumer.
Login as an API consumer
<developer portal url>
Login: developer
Password: developer
Login as an API provider
<API manager url>
Login: apiadmin
Password: xxxxx
Organisation: API development
Task 1, create a manual backend API using API manager
Log in to API Manager as apiadmin with the password.
Add a new Backend API with the New API button, select New to create a
Creating a Backend API
The steps to do are:
• Give your backend API a name.
• Put in the basepath http://api.openweathermap.org
• The resource path is /data
Next, we will define the two methods we will offer the company.
The first method is to get the five-day forecast:
• Put in the name (forecast)
• Verb = get
• Path = /2.5/forecast
• Response: string
Define a parameter
• Name = id
• You can help developers so they know the 16069350 gets the Bangkok information
The next method is to obtain the current forecast.
Use the same information as before, but the path is /2.5/weather/; the method can be named current weather (or give it a local name).
• Put in a name (current)
• Verb = get
• Path = /2.5/weather
• Response: string
Define a parameter
• Name = id
• You can help developers so they know the 16069350 gets the Bangkok information
Congratulations! You have now set up the backend system and your backend API. Let’s make it available by virtualizing the API as a front-end API.
Creating a frontend API
From the main menu, add a Frontend API from the API menu, using New API from backend API.
The first tab shows how your new API will be found. You will need API REST guidelines to make sure this is handled in a structured way; for now, we will make the API available under api.yourcompany.com/weather
We can define the inbound security; for now, we will keep it an open API, choose
Select how the security for your backend API (outbound) is done:
The API Key is provided previously. Press edit to change.
The API key field name used from weatherunderground is called
- APPID
- Put in the API key
- The backend API is expecting the API key in a query string
Go to the API tab and see how you will make the API available in your company; give it a name and tell people a little about it in the summary.
Great! Select Save; the API is now available in the API development organization!
Log in to the developer portal and go to the API page. See if you can find your new API, and select it. Select one of the methods in your API, put in bangkok as your city id, and use the Try it out button.
You will get an error back saying that Bangkok is not an ID! Try the same with 1609350. Try the other method and see if you spot the differences.
Copy the Request URL from the portal and paste it into a new collection and request in Postman. Press send (if there is no response, try to put the URL in a browser once to load the certificates).
Use case: Add Security
As an API owner, I want to add security so I can restrict access to my API.
Your API is the most used API in the company; random people are even starting to use it to avoid work when the weather is nice. Security has asked you to restrict access and to implement API keys. Return to the API Manager and select the Frontend API you have created.
Go to the inbound tab and select API key for inbound security. The default value for the API key is KeyId; feel free to change it (use the same naming in the Postman test). Select
The API is now secured, so we can make it available for other organizations in the bank: from the Frontend API list select the API, and from the Managed selected menu select publish to make this API available for other organizations.
Go back to the Portal, refresh the browser, and see if you can get access to the API. At this point in time, access is only available to registered apps. There are multiple ways to create Apps, we will explore the self-service capabilities of the dev portal.
Applications tab on the developer portal
+Create application for a new application, give it an application name and select the Weather API. Select
To generate Keys for the application, select the application you just created. Select Edit the application
The developer portal shows the key immediately. (Make a copy of the key in your notepad.)
Return to the API tab, select the Weather API. Select the key from the API key dropdown and now test the API again.
Try the same with your Postman client; without a key you will not get a response if you press send (for this demo we haven’t defined status codes).
Update the Postman request with the same key you used for the demo.
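How the frontend API relates to the backend call once inbound API keys are switched on, as an added Python sketch (not Axway code and not part of the original exercise): the consumer's KeyId is checked and the gateway's own APPID is appended to the backend query string, so consumers never see the backend key. The 401/404 status codes, the stripping of a caller-supplied APPID, and all key values are assumptions of the sketch.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Values taken from the backend/frontend definitions in this exercise.
BACKEND_BASE = "http://api.openweathermap.org/data"  # basepath + resource path
FRONTEND_PREFIX = "/weather"                         # api.yourcompany.com/weather
METHODS = {"/2.5/forecast", "/2.5/weather"}
INBOUND_KEY_HEADER = "KeyId"   # default inbound API key field name
OUTBOUND_KEY_PARAM = "APPID"   # backend expects its key in the query string

# Constructed sample data (placeholders, not real credentials).
BACKEND_KEY = "BACKEND-KEY-PLACEHOLDER"
APP_KEYS = {"constructed-consumer-key": "weather demo app"}


def route(method, url, headers):
    """Return (status, backend_url); backend_url is None when rejected."""
    parts = urlsplit(url)
    if method != "GET" or not parts.path.startswith(FRONTEND_PREFIX):
        return 404, None
    api_path = parts.path[len(FRONTEND_PREFIX):]
    if api_path not in METHODS:
        return 404, None
    # Inbound security: HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get(INBOUND_KEY_HEADER.lower()) not in APP_KEYS:
        return 401, None  # assumed status code; the demo defines none
    # Assumption: drop any caller-supplied APPID so a consumer cannot
    # override the backend credential, then inject the gateway's own key.
    query = [(k, v) for k, v in parse_qsl(parts.query)
             if k.upper() != OUTBOUND_KEY_PARAM]
    query.append((OUTBOUND_KEY_PARAM, BACKEND_KEY))
    return 200, f"{BACKEND_BASE}{api_path}?{urlencode(query)}"
```

The consumer key travels only on the inbound leg and the backend key only on the outbound leg, which is what lets you revoke one application's key without touching the openweather credential.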
Return to the API portal. From the API tab, select the Weather API and download the Swagger Spec to a folder on the local computer.
Open a new browser tab and go to: http://editor.swagger.io/#/
Select file and import file to import your swagger file in the online editor.
Can you find your own comments and information on the requests?
(There is no option to try the API at the moment since your API gateway is local.)
Provide restricted access for Mark from the Marketing department.
As a developer from the marketing department, I want to use the API so that I can check on the weather for my marketing campaigns.
You got an email from Mark saying he has lost access to his API; you will need to help him get a key. To control and govern APIs we need to use API Manager.
Log back in to API Manager and select the
From the organization’s tab, create a new organization “marketing”, give it a random email address and add the new API to the organization.
Press “generate code”; this will allow people to self-register on the portal with the created code. For now, we will help Mark a little and set up his account for him.
From the application developer tab in the client’s menu, create a new user with any name, but make sure you select the marketing organization.
IMPORTANT: after you press Create, scroll down and select
Select a password and write this down (or use mark/mark). Mark can now log in from the developer portal and create his own application.
Go to the developer portal and sign out the current user – login as per the user you just created
- Go the
- Pretend to be Mark and
- choose an application name, for instance marks weather app
- select the
We have the application defined, but there are no keys yet!
marks weather app
edit the application under the
- under the API keys section feel free to generate a few keys
Go back to your Postman application and check if the new key works.
As an API owner, I want to restrict traffic to my API so that I secure my backend systems from misuse.
Mark has been abusing the API; we need to limit his usage.
Go back to the API Manager GUI where we govern the usage of our APIs. From the clients menu we can find the same application which Mark created in the
Read through the details and see if you find the keys which Mark just created on the developer portal.
Quota tab we will set a very low quota, select override default quota.
Select the weather API. Throttle all methods 2 messages every
Go back to your Postman application and check if the new key works. Press Send 3 times. Why does it only work two times? 🙂
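Why the third Send fails, as an added Python sketch (not Axway code and not part of the original exercise): a quota of 2 messages per window is counted per application, so switching between keys generated for the same application does not get around it. The fixed-window algorithm, the 60-second window and the key values are assumptions; the period in the step above is not given.

```python
import time

# Constructed sample data: two keys generated for the same application.
KEY_TO_APP = {
    "constructed-key-1": "marks weather app",
    "constructed-key-2": "marks weather app",
    "constructed-key-3": "another app",
}


class AppQuota:
    """Fixed-window message quota, counted per application (not per key)."""

    def __init__(self, messages, window_seconds, clock=time.monotonic):
        self.messages = messages
        self.window = window_seconds
        self.clock = clock
        self._windows = {}  # app name -> (window start, messages used)

    def allow(self, api_key):
        app = KEY_TO_APP.get(api_key)
        if app is None:
            return False  # unknown key: rejected before quota is consulted
        now = self.clock()
        start, used = self._windows.get(app, (now, 0))
        if now - start >= self.window:
            start, used = now, 0  # window expired, counter resets
        if used >= self.messages:
            return False  # quota exhausted for this application
        self._windows[app] = (start, used + 1)
        return True


def simulate(calls, messages=2, window_seconds=60):
    """calls: list of (seconds, api_key); returns allow/deny per call."""
    now = [0.0]
    quota = AppQuota(messages, window_seconds, clock=lambda: now[0])
    results = []
    for at, key in calls:
        now[0] = at  # advance the simulated clock to the call time
        results.append(quota.allow(key))
    return results
```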
You have come to the end of the weather API exercise!
Use case: New Zealand business information
As an API team, I want to easily make external APIs available as internal APIs so that we can accelerate internal development and keep full control and visibility.
You have been asked to make the New Zealand business number API available as a re-usable API within the Bank. The API is documented in the Swagger format on the New Zealand developer portal; you can download the file directly: https://github.com/harvthe/SimpleApis/blob/master/nzbnv3
We will use the API Manager GUI to set up the new API.
To begin: add new API from Backend API menu, from the API menu. Select – Import Swagger API
From the next menu, upload the swagger file (nzbnv3)
name for the new backend API new zealand business numbers API. Press import to start the import process. For details check on how all methods have been imported automatically.
Now, we need to virtualize this API by making it available as Frontend API. Select New API from the frontend menu. Select from existing backend API and search for the New Zealand business numbers API.
inbound authentication select pass through
Provide a resource path according to your standards v1/newZealand
For outbound keep as (we are not going to connect to the backend)
In the API tab, check the API name, and change if desired. Change the version of your API to 1.0
In the API summary note that this is a fake API.
At the API methods, check if all methods have been integrated.
Since this is using an HTTPS service, we need to check if the server certificates have been loaded under trusted certificates.
Select Save. Check on the developer portal on how this API is documented and how SDKs are now generated for easy integration into your applications!
API Challenge for bonus points!
The light on the table is controlled by the APIs from Axway Australia. Find the color of your team below and see if you can expose the API in your own organization and change the color of your team as per the table below.
Download the demo Swagger file. Use the previous instructions to load this API as a Swagger. This time, from the frontend API menu, set up the Outbound authentication profile using the keys below (in the header) with the ID APIKey; choose the API key of your team. For your inbound security, choose whatever you feel is quickest! Set the color of the light through your own API by using your developer portal or Postman, whatever works for you!