Deployment overview for endpoints and certificates

When deploying API Connect, you will create one or more endpoints for the subsystems and then configure certificates or mutual TLS for most endpoints.

Configuring endpoints

The endpoints are configured by the installation Operator. They are set for each subsystem. Endpoints are also entered when configuring the Topology for the Gateway, Portal, and Analytics subsystems in Cloud Manager.

For instructions on configuring endpoints and installing into a Kubernetes environment, see Installing API Connect.

Subsystem Endpoints Description Certificates
Management admin Configured using installation Operator. Endpoint on the management server for communication with the Cloud Manager user interface. cloud-admin-ui
  manager Configured using the installation Operator. API Manager URL endpoint on the management server for communication with the API Manager user interface. api-manager-ui
  consumer Configured using the installation Operator. Platform REST API endpoint for running consumer APIs on the management server. consumer-api
  api Configured using the installation Operator. Platform REST API endpoint for running admin and provider APIs on the management server. platform-api
  hub Automated Testing Behavior UI and API endpoint. External Frontend/Ingress, port 443 hub-endpoint
  turnstile Automated Testing Behavior UI and API endpoint. External Frontend/Ingress, port 443 turnstile-endpoint
Portal api.portal Configured using the installation Operator. Corresponds to Management Endpoint entered in Cloud Manager. Requires a TLS profile configured with mutual TLS. mutual TLS
  portal Configured using the installation Operator. Portal Web site URL entered in Cloud Manager. Used publicly to access Portal. portal-www-ingress
Analytics ai Configured using the installation Operator. The analytics-ingestion endpoint is used by the Gateway service to push data to the Analytics service. Requires a TLS profile configured with mutual TLS. mutual TLS
Gateway rgwd (API Gateway)

gwd (v5-compatible Gateway service)

Configured using the installation Operator. This is the endpoint the gateway uses for network communication. Enter this endpoint as the Management Endpoint entered in Cloud Manager. apic-gw-service-ingress

Configuring certificates

The certificates are configured by the Cert-Manager. The certificates for the endpoints are usually configured as custom certificates as described in Custom certificates on Kubernetes.

Configuring mutual TLS

Mutual TLS is configured for TLS profiles in Cloud Manager. See Creating a TLS Server Profile.

Configuring a proxy

If a Developer Portal is deployed externally to the management server zone, it does not have access to the consumer and product APIs. You need to configure a proxy to enable communication. For more information, see Configuring a proxy.