I have created an API Gateway with Websocket protocol.
After I deploy the API, I get a WebSocket URL and a connection URL.
e.g.
WebSocket URL: wss://xxxx.execute-api.us-west-2.amazonaws.com/test
Connection URL: https://xxxx.execute-api.us-west-2.amazonaws.com/test/#connections
Now everything is fine, I am able to connect to the API, and send and receive messages.
But when I try to access a different path, I get an HTTP 403 error.
e.g. If I try to connect to wss://xxxx.execute-api.us-west-2.amazonaws.com/test/some/path
, I get 403 error.
Is it possible to configure API gateway in such a way that it accepts connections to all paths and passes on the path, i.e. /some/path in my case, to the $connect route handler?
This is not yet supported by AWS. See the article and comments here https://medium.com/#lancers/using-parameter-mapping-in-websocket-api-67b414376d5e
There is a workaround with using an additional server, author of the article proposes the following:
you may put your own server that accepts an URI with path parameters, then return 302 to redirect the client to the WebSocket API endpoint with query string instead.
Related
I am using angular-oauth2-oidc to connect to Keycloak server which is behind nginx.
I am using code flow for retrieving the token.
Even when using HTTP also, I see a GET request being sent for /protocol/openid-connect/certs
which is failing since the frontend APIs are having the correct hostname, but the backend APIs (jwks_uri) is having localhost.
Also, I am unable to set the KC_HOSTNAME_STRICT_BACKCHANNEL=true since the backend microservices will not be able to connect to Keycloak.
Is there a workaround for this.
What additional setup is required to perform HTTPS call using HTTPClient adapter in Apama. I have used the host and port as 443. But still it is giving host not found error with status 400. The same https endpoint is working in POSTMAN , Browser and Integration Server. Please help.
You need to set 'tls' to true in the config for HTTPClient (see http://www.apamacommunity.com/documents/10.3.1.1/apama_10.3.1.1_webhelp/apama-webhelp/#page/apama-webhelp%2Fco-ConApaAppToExtCom_httpclient_configuring_the_http_client_transport.html%23 )
Or, if you're using the Generic HTTP EPL API, it's HttpTransport.getOrCreateWithConfigurations(host, port, {HttpTransport.CONFIG_TLS:"true"})
There's also tlsAcceptUnrecognizedCertificates and tlsCertificateAuthorityFile if you have a service that's not using a recognisable certificate.
I just created an REST API in API Connect and the endpoint works when I test it in the APIC assemble tab. It requires a client id and client secret. When I send a request through Postman, I currently get a “Could not get any response” message from when I try to add them as header values or OAuth authorization. I’m using the request endpoint that’s displayed when I hit the debug button from the successful response on the Assemble tab. Is this the correct endpoint to use? How do I properly include the client id and client secret in a Postman request?
If you get a "Could not get any response in Postman", that means that Postman can't reach the destination of the request.
There are several reasons for that:
Is it an intranet or internet endpoint?
Are you using a proxy? (check proxy config)
Is the hostname resolvable? (try ip)
If it is an https
endpoint, with a self signed certificate, check if you have SSL
Certificate verification enabled (Settings-> general)
On the other hand, to send the client-id and client-secret headers, just click on Headers tab and add both (see the following picture)
Please check the below things to get access to API Connect published services.
Service needs to be allowed to invoke from postman(System from which you are invoking.)
Please check the web-api MPGW service titled in DataPower default domain created when you configure your API connect with DataPower have you created an access control list in the front-side-handler.
Please disable the SSL configuration in the postman, sometime this may create a problem(since the service exposed from API Connect will be with SSL)
From the error you are getting, I suspect there is no connection or only one-way traffic is enabled which means you are blocking response. If there is an issue with the request parameters you are sending, an error will be different saying, wrong client id or client secret.
Testing API which is on-boarded from API Connect will be straightforward or same we invoke other rest services.
Thx Srikanth
I needed to include the client id and client secret in the headers using the correct name for them, which is specified when creating/editing the api under the 'Security Definitions' category as 'Parameter Name'.
I was also hitting the wrong endpoint. To find the correct endpoint click the hamburger icon in the upper left of api connect website, select dashboard, click on the environment you want such as sandbox or dev, click settings, click gateway, then you'll see the endpoint.
I'm trying to setup AWS Api Gateway as a reverse proxy for my actual deployed API.
My understanding is that I do this by creating a "Proxy" Resource and then specifying my http endpoint URL - as described here
Create and Test an API with HTTP Proxy Integration through a Proxy Resource
This works fine when I try to use the API through the "Test" function within the Resource Editor. I can make calls to any exposed resources using GET methods and see the successful responses.
However, when I deploy the API Gateway API I can no longer access anything using the "Invoke URL" it gives me - I simply get:
{
"Message": "No HTTP resource was found that matches the request URI 'http://<myuniqueid>.execute-api.eu-west-1.amazonaws.com/api/Sector/100'.",
"MessageDetail": "No type was found that matches the controller named 'Sector'."
}
If I remove the "Use HTTP Proxy integration" checkbox from the "Integration Request" I can get it working, but why doesn't it work as a proxy?
I suspect that this is caused by a known issue with the HTTP proxy integration. When you use an HTTP proxy integration, API Gateway passes all headers through to the integration endpoint, including the HOST header. Many existing http endpoint require the use of a HOST header which matches their DNS name and in such cases, passing through the HOST header of the API Gateway can confuse the endpoint.
UPDATE: We identified a work-around for this issue.
In your integration request, explicitly add a header named "Host" and give it the value of the integration endpoint DNS name. This will replace the Host header forwarded from the incoming client request with the Host header you specify. This should allow your backend endpoint to function correctly.
I'm trying to use Apiary to document my API and test requests but I keep getting a response 504 Proxy Request Timed Out.
My API is running on my machine under http://localhost:3000/ and I specified that under the HOST metadata.
When I click compare under the call, it shows that Apiary added a header "host" that specifies a user specific proxy.
Is there something I am missing or does Apiary just not like localhosts?
Because the proxy remotely calls your specified HOST, you cannot directly call localhost. You could could use https://ngrok.com and set up a tunnel and use the tunnel URL as the HOST.