API Manager

 What is API Manager?

• API Manager is a component of Anypoint Platform for managing APIs.
• API Manager manages APIs that reside in Exchange
• API Manger is used to apply the policies on APIs

Please visit this url for more information

What is API Autodiscovery?

• API Autodiscovery is used to pair the API in API Manger to it deployed mule application
• When autodiscovery is correctly configured in your Mule application you can say that your application’s API is tracked by or paired to API Manager.
• An API in a Mule runtime can only be associated with one autodiscovery instance. No two Autodiscoveries can be associated to the same API in a Mule Runtime.

Please visit this url to for more information

What is API Gateway?

API Gateway is embedded inside mule runtime, using this gateway any user can apply basic authentication policy on top of Mule application, enrich and incoming outgoing message or any other complex capability to an API without writing code. Basically it is an orchestration layer on top of your back end API to help you separate orchestration from implementation.

What are API security policies are available in MuleSoft?

• XML or JSON threat protection – this will protect against the oversized XML or JSON payload
• Client ID enforcement – authentication is need for proper use of an API, only client authorized can use the API and no one else
• SLA-based Rate Limiting – this is more need in case we want to monetize an API otherwise ignored e.g.
  • Free – 20 request per minute
  • Unlimited – 100K request per minute
• IP blacklisting – this can be used if we want to limit the consumption of an API to particular IPs e.g. IPs know for hacking etc.
• Tokenization – to tokenize any element which can be sensitive e.g. credit cards etc.
• HTTP Caching – in case we think the response don’t change frequently and it’s ok to send the same response for particular request
• Cross-Origin resource sharing – is a standard mechanism that allows JavaScript XMLHttpRequest (XHR) calls executed in a web page to interact with resources from non-origin domains. CORS is a commonly implemented solution to the “same-origin policy” that is enforced by all browsers.
• Spike Control API – it will protect the system against burst requests
• Header removal or injection – add remove HTTP header
• Message logging – Logs custom messages between policies and flow. the payload will be consumed by the policy if it’s a non-repeatable streams

Please visit this url for more information

What is the difference between Throttling and Rate Limiting?

Rate Limiting and Throttling are the API Policies available in MuleSoft, you can apply these policies through API Manager.

Rate Limiting: The Rate Limiting policy limits the number of requests an API accepts within a window of time. The API rejects requests that exceed the limit

Throttling: The Throttling policy queues requests that exceed limits for possible processing in a subsequent window. The API eventually rejects the request if processing cannot occur after a certain number of attempts. You can configure a delay between retries, as well as limit the number of retries

             Please visit this url for more information