Case Studies

The agency contracted a company to develop a mobile application to make some services available to the citizens. Though most of the functionality required by the mobile application existed in legacy Web Services, contractor company needed REST endpoints. It was not likely to re-develop existing services as REST due to time and staff constraints.

We immediately opened up some of the SOAP Web Services as REST with the help of Protocol Transformation capabilities of API Gateway.We showed how to create Mock APIs for mobile application developers’ use until the actual endpoints are ready.Then we created three REST endpoints by DB-2-API in a few minutes.Finally, we configured a JWT authentication mechanism for all these APIs’ authentication, and added an IP restriction so that only client app’s server can access to these APIs.

Both developers and administrators were surprised and impressed to see that we completed all these stuff in half a day. It did not take too long for the agency to license Apinizer products. The mobile application is in use now, and the number of clients is increasing. System is continuosly under control with the help of the API Monitor and API Analytics capabilities. The Agency recently contacted us for a new license to scale the system.

There was a few problems with this case. First, each and every client application within the company used to copy the access information of the external API within their code. This was a serious problem in terms of security and management. Second, company was unable to detect any malicious usages of the information provided by the API.

We immediately opened up some of the SOAP Web Services as REST with the help of Protocol Transformation capabilities of API Gateway.We showed how to create Mock APIs for mobile application developers’ use until the actual endpoints are ready.Then we created three REST endpoints by DB-2-API in a few minutes.Finally, we configured a JWT authentication mechanism for all these APIs’ authentication, and added an IP restriction so that only client app’s server can access to these APIs.

After centrally handling the security and privacy of all the traffic to and from the external API easily without coding, the company became an Apinizer customer.

The number of Web Services was high, and the number of developers to do this was low. Therefore, it would take too much time to successfully update the code of all Web Services to take tokens from the Keycloak server.

In about 6 minutes, we configured one of the Web Services to take authentication token from Keycloak with the help of Apinizer API Gateway’s API Call policy. Then the staff applied the same policy to the other Web Services in about 1 minute per one.

Customer completed the job in an unexpectedly short time, beyond their estimations.

It was a very common problem: “much work, little time, less resource”. Additionally, developers had no clue of Web Service development, handling security, failover, logging, or other stuff. In other words, it was a “much work, little time, no resource” problem.

We introduced Apinizer products to the project manager, and created a REST endpoint with DB-2-API in 1 minute. Then, we configured authentication, IP restriction, and SQL Injection filters in an additional 3 minutes. At the end of 5 minutes, one of the Web Services they had to develop was ready. Finally, we configured a monitor, in about 2 minutes, that will send an e-mail to the developers if the Web Service fails.

The agency immediately licensed Apinizer API Gateway, DB-2-API, and API Monitor. In 12 days, they put 87 Web Services in production with only one personnel who knows the database and SQL, but almost nothing about Web Services. The integration project is active now, and the management discusses new integration scenarios while telling their success story to other agencies’ managers!

It was obviously lackness of monitoring. Properly configured monitors could detect the problems and inform the related people instantly. Monitor logs would also help to show the source of the problem to others.

The team immediately created a few monitors, and started checking the integration points. We also configured actions to send e-mails to developers if any error occurs on any of the integration points. Soon, the first e-mail showed that an endpoint of a stakeholder’s API causes all the integration flow stop. The time of the error and the content of request was sent to the stakeholder, and they fixed the error of the endpoint.

Our customer creates at least one monitor (in some cases the number may increase) for each Web Service as a step of their development process now.

If it is possible to automate it, manuel operation is inefficient, error-prone, and annoying. The scenario in this case was one of the very common scenarios of automating a process spreading on multiple resources.

We created a job as a Task Flow in a few minutes, and showed how to automate such a process. First task was retreiving the currency rates from the HTTP address as an XML document, second and third tasks were mapping the values to INSERT statements for specified databases. Additionally, we configured an action to send an e-mail if the flow fails. Finally, we scheduled the job to be called at a certain time everyday.

The customer was impressed to see that it is just a few minutes to configure the job and put it in action. They immediately licensed API Integrator, and created new task flows for their similar jobs. Though some of these jobs have already been automated with some custom solutions, they did used API Integrator to become able to associate some actions to the jobs to be informed about the result, and keep the logs.

Updating the existing application or the clients’ code were not an option. On the other hand, the query  to gather the roles from the application’s database was too complex, and that would possibly create a performance issue.

A senior developer in the company managed to solve the problem with Apinizer’s features.First, using Apinizer DB-2-API he created an API that will return the roles of the given user.Then he configured Apinizer to cache the responses of this API. Since the roles of the users were not being modified often, a not very short invalidation period for the cache was enough to increase the performance of the API even though the query behind the API was not so fast.Next step was creating an API Call Policy to enrich the original request of any authenticated client with the roles provided by this new API for the client.  Finally, backend APIs were able to take the roles of the client from the header of the messages.

A complex requirement was handled by the customer elitely without coding. The scenario was really inspiring even for the Apinizer Team