I am trying out 3Scale API Management. I would like to have the API gateway running on-premise in Docker container and test with 3Scale API Portals by Red Hat evaluation.
A few questions:
How are the communication done between API Gateway and API Portal?
Is it the API gateway that request the configuration at startup from API Portal or is it API Portal that pushes the configuration to the gateway?
Reason of thinking is that the API Gateway is behind firewall(s) and to communicate to internet (API Portal) it uses a proxy.
If API Gateway communicates with API Portal - how can I configure proxy server in with Docker?
I got the answer in another forum:
The communication between the API Gateway and the API Manager uses two
APIs :
- the Service Management API to ask for authorization and report usage
- the Account Management API (read-only) to get the list of available APIs and their configuration
The Service Management API is at su1.3scale.net (port 443) whereas the
Account Management API is at
The configuration is retrieved by polling the Account Management API.
For reference: https://groups.google.com/forum/#!topic/3scale-api-management-by-red-hat/EXhrVUfKOtY
Related
I am looking to host my REST APIs on GKE (microservices), I want other applications and services I develop to authenticate with these APIs using JWT with Spring Boot Security. I want to generate a JWT token from a Google Cloud Service Account from a Google Cloud project and use this to authenticate with my APIs. My question is, is this possible to secure the API's that I develop to allow a JWT token to authenticate against Google Cloud IAM (Service Account). An example on the Spring side would be most helpful..
I am looking to something similar to what you can do in App Engine with the ESP..
You can follow the Google official documentation:
Authentication between services
You have to:
Created a Google Cloud project.
Created an OpenAPI document for your API.
Deployed your OpenAPI document.
Deployed the API backend.
The Api backend can be on Google Kubernetes Engine, Compute Engine, and the App Engine flexible environment. You have to deploy the Extensible Service Proxy (ESP) to Google Kubernetes Engine.
Deploying the API backend
We have developed a web application using angularjs and html5 and Node.js. This web application is hosted on Bluemix using the Node.js runtime. This web application calls an external RESTfull service (we are invoking the REST service using angularjs) which was developed by a third party. This REST API requires an HTTPS connection to call the service. The SSL certificate and certificate password are provided by the API development team. Our problem is how to configure the SSL certificate on Bluemix to call the external REST service over SSL from the web application. Can anyone please help us? Thanks in advance for your help.
To do this properly I would advice to create an API Management Service, where you add your external service as an API together with the SSL settings. You then call this API (proxy) without SSL from your node.js bluemix app.
The proxy will care for SSL, forward the request to the actual service implementation, and provide you also with debugging and analytics capabilities. With having API Management in place, you also benefit from a central place that manages your SSL certificates.
I want to expose a REST-ful service as an API to the outside world on Bluemix Public. Therefore I have a liberty app, containing a REST service implemented in JAX-RS.
Additionally I leverage the "API Management Service" to secure that app, via Plans, Authentication etc. So thanks to the API Management Gateway I have a secure proxy to my service exposed.
Yet, the app that provides my service remains accessible to the outside via the Bluemix route. So, it can be called without any credentials or whatsoever.
Is there a way, to only have my API Management gateway access the service implementation app?
One approach would be to delete the route of the service implementing app, but how would you then bind the API Management to the service?
Happy to hear your thoughts or alternative solutions.
If your API is running on Bluemix Public as a Cloud Foundry application, there is currently not a way to create a route such that it is only accessible by the API management service, but not the the outside world. You should implement security within your jax-rs application (easy to with web.xml security-constraint) and add those credentials to APIm service if you still want to use APIm to get monitoring, throttling, discovery, etc.
Another option would be to deploy the application in a VM and then use Secure Gateway to connect to it:
https://github.com/IBM-Bluemix/onprem-integration-demo
I have an existing on-premise REST API from an external vendor. I'd like to expose this API unmodified to the outside world through an Azure website. So I have customers that run this API on-premise and I'm developing a PaaS/SaaS app that should access these on-premise API's.
I also have a client SDK from the external vendor that calls the API. Works without issues when running on-premise. However, now I want to use this SDK from my Azure website.
How do I route REST service calls generated by the SDK to the on-premise API? I thought about using Azure Service Bus WebHttpRelayBinding but this seems to require a WCF contract which I do not have.
In other words: is there a way to send unmodified HTTP traffic to an on-premise system from Azure (through Azure Service Bus or by any other means)?
If you want to access an On-Premise service from the Azure service/websites what you need is a Hybrid Connection.
For that you will need a BizTalk service to redirect the trafic to your on-prem service.
Here are the steps to how to setup a Hybrid connection:
https://azure.microsoft.com/en-us/documentation/articles/web-sites-hybrid-connection-get-started/
I have created an API via basic secure connector (SOAP). The API works but I am wondering why I can't retrieve the endpoint URL from VCAP_SERVICES. Anything I miss here?
Are you using the secure connector portion of the Cloud Integration service in Bluemix? You might want to try the Secure Gateway service, which is newer and is basically just the secure connector as a standalone service without the rest of Cloud Integration.
"Reaching enterprise backend with Bluemix Secure Gateway via console" explains how to set up a Secure Gateway instance. When you create a destination, that creates an integration.ibmcloud.com URL that your app can then use to connect to your destination via the gateway. The gateway is a proxy, preserving the interface, so the cloud host URL has the same API as the destination host.