WSO2 API Manager vs ESB

I have seen many queries on which solution is better for integration in below two WSO2 products-

  1. API Manager
  2. ESB

Here is list of features provided by WSO2. I hope it will help to decide whether to go for API Manager or ESB or API Manager + ESB

What is WSO2 API Manager

API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for scalable routing API traffic. It leverages proven, production-ready integration, security, and governance components from the WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry. In addition, it leverages the WSO2 Business Activity Monitor for Big Data analytics, giving you instant insight into APIs behaviour.

What is WSO2 Enterprise Service Bus

WSO2 Enterprise Service Bus is a lightweight, high performance, near-zero latency product, providing comprehensive support for several different technologies like SOAP, WS* and REST as well as domain-specific solutions and protocols like SAP or HL7. It goes above and beyond by being 100% compliant with enterprise integration patterns. It also has 100+ ready-made, easy-to-use connectors to seamlessly integrate between cloud service providers. WSO2 Enterprise Service Bus is 100% configuration driven, which means no code needs to be written. Its capabilities can be extended too with the many extension points to plug into.

WSO2 API Manager’s Feature

Design and Prototype APIs-

  • Design APIs, gather developers’ feedback before implementing (API First Design). Design can be done from the publishing interface or via importing an existing Swagger 2.0 definition
  • Deploy a prototyped API, provide early access to APIs, and get early feedback
  • Mock API implementation using JavaScript
  • Supports publishing SOAP, REST, JSON, and XML style services as APIs
  • Supports grouping of multiple APIs based on the version
  • A sample API to try-out for a hassle-free first experience

 Publish and Govern API Use

  • Publish APIs to external consumers and partners, as well as to internal users
  • Ability to publish APIs to a selected set of gateways in a multi-gateway environment
  • Support enforcement of corporate policies for actions like subscriptions, application creation, etc. via customizable workflows
  • Manage API visibility and restrict access to specific partners or customers
  • Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire
  • Publish both production and sandbox keys for APIs to enable easy developer testing
  • Manage API versions and deployment status by version
  • One-click deployment to API gateway for immediate publishing

 Control Access and Enforce Security

  • Apply security policies to APIs (authentication, authorization)
  • Rely on OAuth2 standard for API access (implicit, authorization code, client, SAML, IWA Grant Type)
  • Restrict API access tokens to domains/IPs
  • Supports plugging in third-party key servers for application registration, token generation & token validation apart from the WSO2 Key Manager
  • Block a subscription and restrict a complete application
  • Associate API available to system-defined service tiers
  • Leverage XACML for entitlements management and fine-grain authorization
  • Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps

Create a Store of all Available APIs

  • Graphical experience similar to popular applications stores
  • Browse and search APIs by provider, tags, or name
  • Provision API keys
  • Subscribe to APIs and manage subscriptions on per-application basis
  • Subscriptions can be at different service tiers based on expected usage levels
  • Try APIs directly from the storefront
  • Internationalization support
  • Common view of the store for users registered under same organization

 Manage Developer Community

  • Self-registration for developer community to subscribe to APIs
  • Developer interaction with APIs via forums, comments, and ratings
  • View API consumer analytics

 Manage API Traffic

  •  API gateway can act as SSL termination point
  • Supports protocol transformation, data transformation, and API composition
  • Maps between HTTP(s) and other protocols, such as JMS or writing to file systems
  • Extremely high performance pass-through message routing with minimal latency
  • Enforces rate limiting and throttling policies for APIs by consumer
  • Horizontally scalable with easy deployment into cluster using proven routing infrastructure
  • Supports up to 1300 TPS on a single node

 Monitor API Usage and Performance

  • All API usage published to pluggable analytics framework
  • Out-of-the-box support for WSO2 Business Activity Monitor and Google Analytics. Supports configuring WSO2 Business Activity Monitor through a graphical interface.
  • Track consumer analytics per API, per API version, per tiers, and per consumer
  • Monitor SLA compliance
  • Alerting, real-time dashboards
  • Publish your own events and create your own dashboards
  • OOB support for events based on throttling, faults, latency within and from WSO2 API Manager to target and approval/rejection of self-registration, subscription and app creation

 Pluggable, Extensible, and Themeable

  •  All components are highly customizable through styling, theming, and code extensions
  • Storefront implemented with Jaggery/JavaScript (jaggeryjs.org) for easy customization
  • Pluggable to third-party analytics systems and billing systems
  • Pluggable to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra
  • Components usable separately: API store can be used to catalog APIs deployed in third-party gateways

 Easily Deployable in Your Enterprise

  • Role-based access control for managing users and their authorization levels
  • Storefront can be deployed in DMZ for external access with publisher inside the firewall for private control
  • Different user stores for developer-focused storefront and internal operations in publisher
  • Integrates with enterprise identity systems including LDAP and Microsoft Active Directory
  • Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall

WSO2 Platform Multi-tenancy Support

  • Run a single instance and provide API management to multiple customers, each in their own domain
  • Share APIs between different departments in a large enterprise

WSO2 ESB’s Feature

Connecting Anything to Anything

  • Adapters to cloud services: 100+ connectorsincluding Salesforce, Paypal, LinkedIn, Twitter and JIRA
  • Transports: HTTP, HTTPS, POP, IMAP, SMTP, JMS, AMQP, FIX, TCP, UDP, FTPS, SFTP, CIFS, MLLP and SMS
  • Formats & protocols: JSON, XML, SOAP 1.1, SOAP 1.2, WS-*, HTML, EDI, HL7, OAGIS, Hessian, Text, JPEG, MP4, all binary formats and CORBA/IIOP
  • Adapters to COTS systems: SAP BAPI & IDoc, PeopleSoft, MS Navision, IBM WebSphere MQ, Oracle AQ and MSMQ
  • Inbound endpoints: HTTP, HTTPS, HL7, JMS,File, MQTT and RabbitMQ

 Routing, Mediation & Transformation

  • Routing: Header based, content based, rule-based and priority-based routing
  • Mediation: EIPs (including scatter/gather, message filters, recipient list, dead-letter channels, guaranteed delivery and message enrichment), database integration, event publishing, logging & auditing, validation
  • Transformation: XSLT 1.0/2.0, XPath, XQuery and Smooks

 Message, Service, API & Security Gateway

  • Expose existing applications & services over different protocols and message formats
  • Virtualize services for loose coupling and SOA governance
  • Load balancing for scalability and failover for high availability of business endpoints
  • Create service facades for legacy / non-standard services
  • Enforce and manage security centrally, including authentication, authorization and entitlement
  • Policy enforcement and governance viaWSO2 Governance Registry
  • Expose services & applications via RESTful APIs with key management
  • Logging, audit and SLA monitoring, KPI monitoring
  • WS-Security, LDAP, Kerberos, OpenID, SAML, XACML
  • SSL tunneling and SSL profiles support for inbound and outbound scenarios
  • CRL/OCSP Certificate revocation verification
  • Supports 1000s of concurrent non-blocking HTTP(S) connections per server
  • Pure streaming and on-demand processing of messages
  • Sub-millisecond latency for high-throughput scenarios
  • Supports highly available deployment
  • Horizontal scaling via clustering with stateless server architecture
  • Long term execution stability with low resource utilization
  • Declarative development with configuration instead of code
  • Easy configuration of fault tolerant mediations with support for error handling
  • Server customization via feature provisioning of any WSO2 middleware capability
  • Extend configuration language with custom DSLs via templates
  • Embed scripting language code in Javascript, JRuby, Groovy and more as custom mediators
  • Integrated with SVN, Maven, Ant and other standard tools for development & deployment
  • Integrated toWSO2 Developer Studio, Eclipse-based IDE for all WSO2 products
  • Comprehensive management & monitoring Web console with enterprise-level security
  • Built-in collection and monitoring of standard access and performance statistics
  • JMX MBeans for key metrics monitoring and management
  • Integrates withWSO2 Business Activity Monitor for operational audit and KPI monitoring and management
  • Flexible logging support with integration to enterprise logging systems
  • Centralized configuration management across different environments with lifecycles and versioning via integration toWSO2 Governance Registry

High Performance, High Availability, Scalability & Stability

  • Supports 1000s of concurrent non-blocking HTTP(S) connections per server
  • Pure streaming and on-demand processing of messages
  • Sub-millisecond latency for high-throughput scenarios
  • Supports highly available deployment
  • Horizontal scaling via clustering with stateless server architecture
  • Long term execution stability with low resource utilization

Lightweight, Developer Friendly and Easy to Deploy

  • Declarative development with configuration instead of code
  • Easy configuration of fault tolerant mediations with support for error handling
  • Server customization via feature provisioning of any WSO2 middleware capability
  • Extend configuration language with custom DSLs via templates
  • Embed scripting language code in Javascript, JRuby, Groovy and more as custom mediators
  • Integrated with SVN, Maven, Ant and other standard tools for development & deployment
  • Integrated toWSO2 Developer Studio, Eclipse-based IDE for all WSO2 products

Manage & Monitor

  •  Comprehensive management & monitoring Web console with enterprise-level security
  • Built-in collection and monitoring of standard access and performance statistics
  • JMX MBeans for key metrics monitoring and management
  • Integrates withWSO2 Business Activity Monitor for operational audit and KPI monitoring and management
  • Flexible logging support with integration to enterprise logging systems
  • Centralized configuration management across different environments with lifecycles and versioning via integration toWSO2 Governance Registry

 Conclusion-

API manager is not a replacement for an ESB but rather an enhancement for service oriented architecture.

An API Manager provides a central access point for managing, monitoring, and securing access to your publicly exposed web services. It would also allow you to consolidate services across disparate endpoints as if they were all coming from a single host. For example let’s say you had ten different service endpoints that were all part of a single “suite” of services. Rather than informing consumers of your service to use service1.yourcompany.com for one service and service2.yourcompany.com for another and so forth, you can instead have them all point to api.yourcompany.com/service1 or api.yourcompany.com/service2 and the manager would be responsible for redirecting the requests to the appropriate endpoints.

An ESB is an internal “Bus” that allows applications and services to communicate with each other in an uncoupled fashion. All applications can hook into the bus and they can receive any message that interests them when published by another application. They can also publish their own messages that another application may listen for and respond to. The applications are not responsible for connecting with each other directly; they publish their messages to the bus and all interested parties listen and react.