API Gateway Deployment
API Gateway is an optional service through which REST API calls are made. The following
figure depicts the API Gateway :
Pre Deployment
Perform the following before deployment:- Configure INTERNAL_DOMAIN_NAME and EXTERNAL_DOMAIN_NAME custom login properties for a sponsor. This allows PEM applications to identify the right domain to use in email correspondence with sponsor and partner users. If DUAL_LOGIN_URL property is set to true, use the same domain name and ensure the properties are defined. For more information, see Configuring custom login properties .
- API Gateway is exposed via a new domain or subdomain. This domain is different from the domains
used by PEM and PR.Note: This domain must be accessible via PEM Portal.
For example: If the PEM domain is pem-prod.company.com, then API Gateway domain is apigateway-prod.company.com
- If you're using a Reverse proxy or load balancer, modify the routing rules to ensure API calls
are going through API Gateway. For more details, refer the API Gateway diagram above.For example:
- PEM domain -> pem.com
-
PR domain -> pr.com
- PP domain -> pp.com
- PEM, Partner Repository, Partner Provisioner login API calls are sent directly to the application containers from the reverse proxy or load balancer.
-
PEM, Partner Repository, Partner Provisioner UI calls should are sent directly to the application containers from the reverse proxy or load balancer.
- API calls with contexts mrmws, mdrws, pemws (except the login calls) are sent to the API Gateway.
- Add new set of rules to support the /rest context (referred in the diagram as Single context APIs). The rule for this context needs to be added for the PEM, Partner Repository, and the apigateway domain.
- Add rules to ensure backward compatibility rules for mdrws, pemws, mrmws for the new apigateway domain (referred as deprecated APIs).
For example, consider the following route configuration for Apache Reverse Proxy:
<For old domains> // Load Balancers <Proxy balancer://pem-cluster> // PEM cluster BalancerMember https://<PEM Hostname 1> loadfactor=1 ping=10 retry=10 route=pemapp1 BalancerMember https://<PEM Hostname 2> loadfactor=1 ping=10 retry=10 route=pemapp2 ProxySet lbmethod=bytraffic ProxySet stickysession=ROUTEID </Proxy> <Proxy balancer://api-gateway-cluster> // API Gateway cluster BalancerMember https://<API Gateway Hostname 1> loadfactor=1 ping=10 retry=10 route=pemapi1 BalancerMember https://<API Gateway Hostname 2> loadfactor=1 ping=10 retry=10 route= pemapi2 ProxySet lbmethod=bytraffic </Proxy> // Direct UI requests to PEM servers <PEM UI, PP UI> <Location /TestSponsor> ProxyPass balancer://pem-cluster/TestSponsor ProxyPassReverse balancer://pem-cluster/TestSponsor </Location> // Direct Login API request to PEM servers <PEM Login, PR Login> <LocationMatch "^\/mrmws\/sponsors\/TestSponsor\/user\/signin.*$" > ProxyPass balancer://pem-cluster ProxyPassReverse balancer://pem-cluster </LocationMatch> // Direct all ‘mrmws’ API requests to API Gateway servers <PEM APIs> <Location /mrmws/sponsors/TestSponsor> ProxyPass balancer://api-gateway-cluster/mrmws/sponsors/TestSponsor ProxyPassReverse balancer://api-gateway-cluster/mrmws/sponsors/TestSponsor </Location> // Direct all ‘pemws’ API requests to API Gateway servers <PEM APIs> <Location /pemws/sponsors/TestSponsor > ProxyPass balancer://api-gateway-cluster/pemws/sponsors/TestSponsor ProxyPassReverse balancer://api-gateway-cluster/pemws/sponsors/TestSponsor </Location> // Direct all 'mdrws' API requests to API Gateway servers <PR APIs> <Location /mdrws/sponsors/TestSponsor > ProxyPass balancer://api-gateway-cluster/mdrws/sponsors/TestSponsor ProxyPassReverse balancer://api-gateway-cluster/mdrws/sponsors/TestSponsor </Location> // Direct all 'rest' context API requests to API Gateway servers <Single Context APIs> <Location /rest > ProxyPass balancer://api-gateway-cluster/rest ProxyPassReverse balancer://api-gateway-cluster/rest </Location> //Below Two rules are for Single context Documentation <LocationMatch "^/rest/doc/([^/]+)/(.+)" > ProxyPass balancer://api-gateway-cluster/rest/$2 ProxyPassReverse balancer://api-gateway-cluster/rest/$2 </LocationMatch> <LocationMatch "^/rest/doc/([^/]+)/(swagger-resources.*)" > ProxyPass balancer://api-gateway-cluster/$2 ProxyPassReverse balancer://api-gateway-cluster/$2 </LocationMatch> <For new Gateway domain> // Load Balancers <Proxy balancer://api-gateway-cluster> // API Gateway cluster BalancerMember https://<API Gateway Hostname 1> loadfactor=1 ping=10 retry=10 route=pemapi1 BalancerMember https://<API Gateway Hostname 2> loadfactor=1 ping=10 retry=10 route= pemapi2 ProxySet lbmethod=bytraffic </Proxy> <Location /rest > // Direct all 'rest' context API requests to API Gateway servers ProxyPass balancer://api-gateway-cluster/rest ProxyPassReverse balancer://api-gateway-cluster/rest </Location> -
The single context method of calling APIs is only available if API Gateway container is started. To access single context APIs and read documentation available at https://<hostname>/rest/doc/<sponsor-context>/swagger-ui.html set the following rules:
<LocationMatch "^/rest/doc/([^/]+)/(.+)" > ProxyPass balancer://svtgateway_cluster/rest/$2 ProxyPassReverse balancer://svtgateway_cluster/rest/$2 </LocationMatch> <LocationMatch "^/rest/doc/([^/]+)/(swagger-resources.*)" > ProxyPass balancer://svtgateway_cluster/$2 ProxyPassReverse balancer://svtgateway_cluster/$2 </LocationMatch>
Deployment
For deployment of the API Gateway, seeDeploy API Gateway .
Post Deployment
Perform the following to ensure the API Gateway is configured:-
If you have a partner repository instance, login as sponsor admin, go to Settings > System properties menu and update the PEM and PR URL to point to the API Gateway domain.
- Test the API Gateway. For more information, seeAPI Gateway Test .
- Migrate the APIs to API Gateway. For more information, seeMigrating Activity Definition .