Book Image

Oracle API Management 12c Implementation

Book Image

Oracle API Management 12c Implementation

Overview of this book

Table of Contents (19 chapters)
Oracle API Management 12c Implementation
About the Author
About the Author
About the Author
About the Author
About the Reviewers


Digital transformation is at the core of every business strategy regardless of what type of business an organization is in. Companies that embark on a digital transformation journey are able to create innovative and disruptive solutions that are capable of delivering a much richer, unified, and personalized user experience at a lower cost. They are able to engage the customer in a seamless fashion through many channels, such as mobile apps, responsive websites, and social media. Organizations that adopt innovative digital business models gain considerable competitive advantage over those that don't.

The fundamental driver for digital transformation is the ability to unlock key information assets and business functionality, which is often hidden inside an organization's enterprise systems, and also services built following traditional Service Oriented Architecture (SOA) approaches.

Especially in regard to SOA, although many organizations have succeeded in the implementation of traditional SOA solutions, it has been broadly acknowledged that traditional SOA (meaning SOA implemented using traditional SOA tools, standards, and skills) did not deliver all of the capabilities required to fully unlock and also materialize an organizations' enterprise information and functional assets.

Moreover, new technology trends, such as multi-device mobile applications, Internet of Things (IoT), and API Management, have all introduced new ways of thinking about how technology can deliver benefits to the business. Although these technologies are in fact broadly based on SOA principles, they introduce their own flavor of architectures, implementation approaches, and integration patterns.

Here are some examples:

  • Creation of lightweight APIs that typically implement REST as a binding protocol and JSON as a message format, to facilitate the following:

    • Integration of mobile apps with backend systems

    • Exposing key information and functionality to third parties

    • Pay-per-use APIs that generate additional revenue

  • Cloud integration via Integration Platform as a Service (iPaaS) solutions, therefore giving birth to what is known today as hybrid architectures

  • Sensors built into devices and/or machines using embedded Java (or equivalent) that connect to other systems and/or machines using lightweight protocols, such as MQTT, which can also participate in broader business processes

  • Strong inter-business collaboration becomes a common practice in development teams, which allows broader process flows that are more customer-centric

Unfortunately, given the potential benefits that these new technologies bring to businesses and customers alike, many organizations rushed to adopt such technologies often at a tactical level without a clear strategy and with almost no governance in place. This approach has resulted in similar integration challenges to those experienced in the past, such as with early SOA adoption. However, the scale of these problems is much greater in nature as the spectrum of integration now also extends beyond on-premise systems into the cloud and mobile applications to name a few.

We can conclude that tactically implementing these new technologies without a robust governance framework drastically increases the complexity of integration, which in turn increases program costs both in terms of capital projects and runtime support. Although this might not be apparent initially, in the mid and long term this will likely become a roadblock to continue on the digital journey.

So, how do we define governance in relation to SOA and now API, mobile, and cloud? Although a very common question among practitioners, one is likely to be presented with many different answers depending on who is asked. However, the real question is not really what it is, but what it means to an organization and what benefits it can bring to a business. How can it be successfully implemented and which tools and processes are required to achieve it?

SOA Governance is a commonly misunderstood term and is often confused with other disciplines, such as Software Development Lifecycle (SDLC), Development Operations (DevOps), and/or Standards. In practice, although SOA Governance covers all of these concepts, its scope is broader still and covers everything from planning, analysis, service discovery and design, building, and testing stages of an SOA solution (design-time governance) to live operations and monitoring (runtime governance).

This book defines SOA Governance as the interaction between policies (what), decision makers (who), and processes (how) that are needed in order to successfully deliver SOA solutions (SOA Governance: Framework and Best Practices - An Oracle Whitepaper:

In the context of APIs and mobile applications, SOA Governance has evolved into a new discipline known as API Management. This book defines API Management as the adoption and adaptation of SOA Governance principles and tools in the context of managing the end-to-end lifecycle of an API and the personas (actors) around it.

If we think of new technologies and trends, such as cloud, B2C, and B2B collaboration, market place and APIs as dimensions of a cube and superpose SOA Governance with API Management, we give rise to a more holistic approach; this book refers to this approach as Application Services Governance (to read more on Application Services Governance, refer to Govern Your Services and Manage Your APIs With Application Services Governance at

Application Services Governance implementations can only be successful in business terms if they can realize measurable benefits and provide a Return on Investment (ROI) or important nontangible benefits. Failing to apply this principle means that these solutions will be seen as complex and expensive technologies, rather than architecture and solutions that deliver business benefits.

While reading this book, SOA practitioners and API developers will embark on the journey of implementing Application Services Governance using Oracle API Management solution. The book will discuss the common problems that different organizations face when implementing SOA and APIs. It also explains how the implementation of best-practice processes, standards, and other techniques, along with appropriate Oracle toolsets, can solve these key architectural issues.

The components that build up the Oracle API Management solution are depicted in the following diagram:

Here are the components:

  • Oracle API Catalog (OAC): This is aimed at design-time governance. This tool is very simple to implement and allows the quick collection and publication of APIs (WSDL-based or WADL-based) from Oracle and non-Oracle environments, hence allowing APIs to be visible and reused. The tool comes with a rich user interface and provides capabilities, such as API discovery, collaboration capabilities (for example, My APIs and ratings), and API metadata.

  • Oracle API Manager (OAPIM): This is built on top of Oracle Service Bus (OSB) 12c. This tool facilitates a runtime environment for the management of APIs through their life cycle. Using the OAPIM portal, different personas, such as architects and developers, can discover, consume, and monitor APIs running on the Oracle Service Bus.

  • JDeveloper: This is Oracle's preferred integrated development environment (IDE) for the development of software solutions using Java, OSB, SOA Suite, and other technologies, such as SQL, PLSQL, XML, and PHP, among others. JDeveloper offers a wide variety of plugins to integrate with other products, such as OER and OAC.

  • Oracle API Gateway (OAG): Formerly Oracle Enterprise Gateway, OAG is a standalone product to implement robust security polices and apply these to services. OAG is typically deployed as a policy enforcement point (PeP) in demilitarized zones (DMZ) where services are consumed or exposed by applications located in untrusted networks.

This book presents the concepts, guidelines, and tips required for successful API Management using the Oracle API Management solution.

What this book covers

The main objective of this book is to explain key concepts along with presenting practical guidelines on how to implement Application Services Governance using the Oracle API Management solution. The initial chapters of the book are focused on implementing the design-time governance, while subsequent chapters deal with runtime governance and focus on more advanced features of the toolset.

Chapter 1, Application Services Governance, describes in detail the key concepts around SOA Governance, API Management, and the Oracle API Management solution.

Chapter 2, Implementation Case Study, introduces a realistic use case of an organization that needs to implement API Management. The chapter highlights the steps followed by the organization as well as key critical success factors for the implementation.

Chapter 3, Oracle API Catalog Implementation, covers fundamental concepts and an implementation of OAC based on a realistic use case, including topics such as bootstrapping and harvesting, tool usage to classify and search APIs, and also how to extend OAC for richer functionality.

Chapter 4, Oracle API Manager Implementation Overview, provides an overview of the product and its capabilities and then describes how to implement the tool to solve a realistic use case.

Chapter 5, Oracle API Gateway Implementation Overview, provides an overview of the product and its capabilities and then describes how to implement the tool to solve a realistic use case.

Chapter 6, Installation Tips and Techniques, covers the Oracle API Management solution deployment topology and installation tips and steps for Oracle API Catalog (OAC), Oracle API Manager (OAPIM), and Oracle API Gateway (OAG).

What you need for this book

This book makes use of the following software:

  • JDeveloper 12c R1 (12.1.3)

  • Oracle Enterprise Repository 12c R1 (12.1.3)


    Note that Oracle API Catalog installation binaries are the same as Oracle Enterprise Repository.

  • Oracle API Gateway 11g R2 (

  • Oracle SOA Suite 12c R1 (12.1.3)

  • Oracle Service Bus 12c R1 (12.1.3)

Who this book is for

This book is mainly intended for enterprise architects, solution architects, technical architects, and SOA consultants who have implemented, or wish to implement SOA Governance or API Management using the Oracle API Management solution and toolsets.

It is essential that the reader has previous experience or knowledge of the following subjects:

  • JDeveloper 12c

  • Oracle SOA Suite 12c

  • Oracle Service Bus 12c

  • XML technologies in general


In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Each schema can reference definitions in other schemas by making use of the xsd:import directive."

A block of code is set as follows:

./harvest -url http://localhost:7101/oer -user
admin -password <password> -file ./test/samples

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:


Any command-line input or output is written as follows:

export PATH

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Finally, review the entered installation details using the summary screen and hit the Create button when you are happy."


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.


Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.


If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.