I have created an API via basic secure connector (SOAP). The API works but I am wondering why I can't retrieve the endpoint URL from VCAP_SERVICES. Anything I miss here?
Are you using the secure connector portion of the Cloud Integration service in Bluemix? You might want to try the Secure Gateway service, which is newer and is basically just the secure connector as a standalone service without the rest of Cloud Integration.
"Reaching enterprise backend with Bluemix Secure Gateway via console" explains how to set up a Secure Gateway instance. When you create a destination, that creates an integration.ibmcloud.com URL that your app can then use to connect to your destination via the gateway. The gateway is a proxy, preserving the interface, so the cloud host URL has the same API as the destination host.
Related
I have an application server running apache on EC2 and I have lots of REST APIs already setup and running on that server.
This server is on the internal network, so, the only access to this server is via VPN client.
I now want to expose some of those APIs to be accessible from the WWW.
This server has only an internal IP address.
I've being reading the API Gateway REST proxy documentation, but still cannot understand how to point API calls to my server.
Any help would be appriciated.
Can we use Two Way SSL feature using AWS API Gateway ? We want to use API Gateway as proxy for kinesis in our real-time streaming application.
Below is my requirement
The client make request to apigateway and apigateway needs to put the data in kinesis streams.
The only way to authenticate the clients is using two way SSL. our clients doesnt support other options.
Currently on-premise F5 loadbalancer does this work for us and we have tomcats running behind F5 placing data into kinesis.
Will i be able to achieve the same using API Gateway ? looks like even aws ELB seems to be not supporting this option.
I have taken a look at below link but this to authenticate API Gateway at server not apigateway authenticating the client.
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
Regards
Kalyan
API Gateway can authenticate itself to your back-end with TLS, as you have found, but it does not work in the opposite direction -- it does not support authenticating clients with TLS.
When trying to binding any Bluemix apps to a pre-configured Secure Gateway service, the Secure Gateway is not in the list of services which can be bound to apps. Is there a different way to bind a nodejs app to a Secure Gateway instance?
Applications can no longer be bound to the Secure Gateway service. Binding was possible in previous versions but provided no additional functionality to the application.
To have your application use the connectivity provided by Secure Gateway, your application simply needs to call the cloud host:port provided by your destination.
Corporate AS400 server having Application and database DB2 running. currently there is no reporting tool for this application.
Planning to create new application on IBM bluemix with PHP. how can I connect secure DB2 database with IBM bluemix API.
As commented by mustaccio, you have tagged your question with secure-gateway - have you seen the Bluemix secure gateway documentation?
About Secure Gateway
Last updated: 6 December 2016
The Secure Gateway service provides you with a secure way to access
your on-premises or cloud data from your Bluemix® application through
a secure passage.
How Secure Gateway works
As displayed in the following diagram, the
service works by using a client to connect to your Bluemix
organization. Next, you add the service to your Bluemix organization.
Then, by using the Secure Gateway UI or REST API you can begin
creating your gateway by connecting to your client and creating a
destination point to your on-premises or cloud data. To increase
security, you can add application-side Transport Layer Security (TLS),
which encrypts the data that travels from your app to the client. You
can extend this security with client-side TLS, which encrypts the data
from the client to the on-premises or cloud data. When you complete
your gateway configuration, you can monitor the behavior of your
gateways and destinations in the Secure Gateway Dashboard.
Source: https://console.ng.bluemix.net/docs/services/SecureGateway/sg_overview.html#sg_overview
The Secure Gateway documentation describes all the steps you need to follow to connect a Bluemix application to an internal service.
I want to expose a REST-ful service as an API to the outside world on Bluemix Public. Therefore I have a liberty app, containing a REST service implemented in JAX-RS.
Additionally I leverage the "API Management Service" to secure that app, via Plans, Authentication etc. So thanks to the API Management Gateway I have a secure proxy to my service exposed.
Yet, the app that provides my service remains accessible to the outside via the Bluemix route. So, it can be called without any credentials or whatsoever.
Is there a way, to only have my API Management gateway access the service implementation app?
One approach would be to delete the route of the service implementing app, but how would you then bind the API Management to the service?
Happy to hear your thoughts or alternative solutions.
If your API is running on Bluemix Public as a Cloud Foundry application, there is currently not a way to create a route such that it is only accessible by the API management service, but not the the outside world. You should implement security within your jax-rs application (easy to with web.xml security-constraint) and add those credentials to APIm service if you still want to use APIm to get monitoring, throttling, discovery, etc.
Another option would be to deploy the application in a VM and then use Secure Gateway to connect to it:
https://github.com/IBM-Bluemix/onprem-integration-demo