API management on the SCOREwater platform
The SCOREwater platform provides access to datasets and services. Examples of datasets are water quality data, meteorological data from various sources and soil moisture data. These datasets are used to provide certain services, such as the flood early warning system in Amersfoort which sends out an alter when the sewer system is probably going to flood.
Making datasets accessible
Different API’s are used to provide access to datasets and services in the SCOREwater platform. The FIWARE ContextBroker allows applications to access the current state of an entity (for instance a sensor) and to subscribe to updates of these entities. The Short Term History API provides access to historical information. Data driven models can register a callback with the ContextBroker and are notified when new data comes in. They can then process these new data, if needed together with historical information which can be obtained from the Short Term History API.
Some of the datasets and services in the SCOREwater platform are publicly available, but others are not. To accommodate for those differences and to gain insight into the usage of API’s, an API management layer was added to the SCOREwater platform. Using an API management solution, access to datasets and services can be logged and controlled. The API management solution allows us to define different plans for each dataset or service and thus implement different access levels.
Publicly accessible APIs can be published using a plan which does not require an API key. APIs which are only accessible once certain requirements have been met, can be published using a plan which requires an API key to be able to access the API. API keys can be assigned automatically, or only after the third party requesting the API has met certain requirements. API keys can be revoked, if usage of the API is not in line with requirements. Plans can be used to define usage limitation such as quota and throttling. Multiple APIs plans can be defined for each API. This allows us to, for instance, define a sandbox plan which does not require registration or an API key. It only allows for limited usage combined with a plan which does require registration and an API key with less restriction on the amount of requests clients can do. Furthermore, read only and read/write plans have been defined. The read plans only allow for access to methods which are used to read data from the SCOREwater platform. The read-write plans allow for access to methods to both read and write data to/from the SCOREwater platform. These plans are intended for data providers.
The SCOREwater platform uses the Gravitee API management solution. Gravitee consists of three parts: i) the management UI for managing the API’s, ii) the portal UI to discover API’s, register and take out subscriptions and iii) the gateway used to access the API by third party applications.
Next step is to present all the information for SCOREwater API’s, datasets, products, services and documentation which is now available in different locations in one SCOREwater portal, making it the one-stop-shop for all SCOREwater related content. Different SCOREwater partners will be working on this portal during the final year of the project.