Deployment overview for endpoints

When deploying API Connect, you will create one or more endpoints for the subsystems and then configure certificates or mutual TLS for most endpoints.

Configuring endpoints

Subsystem Endpoints Description Certificates
Management cloud-admin-ui Configured using the apicup command. Endpoint on the management server for communication with the Cloud Manager user interface. cloud-admin-ui
  api-manager-ui Configured using the apicup command. API Manager URL endpoint on the management server for communication with the API Manager user interface. api-manager-ui
  consumer-api Configured using the apicup command. Platform REST API endpoint for running consumer APIs on the management server. consumer-api
  platform-api Configured using the apicup command. Platform REST API endpoint for running admin and provider APIs on the management server. platform-api
  hub Automated Testing Behavior API endpoint. External Ingress, port 443 hub-endpoint
  consumer-catalog-ui Configured using the apicup command. Consumer Catalog URL endpoint on the management server for communication with the Consumer Catalog User Interface consumer-catalog-ui
Portal portal-admin Configured using the apicup command. Corresponds to management endpoint entered in Cloud Manager. Requires a TLS profile configured with mutual TLS. mutual TLS
  portal-www Configured using the apicup command. Portal Web site URL entered in the Cloud Manager UI. Used publicly to access Portal. portal-www-ingress
Analytics analytics-client This is a legacy certificate, it is not used from v10.0.5 onwards. mutual TLS
  analytics-ingestion Configured using the apicup command. The analytics-ingestion endpoint must be entered in the Cloud Manager UI when registering the analytics service. It is also used by the gateway service to push data to the analytics service. Requires a TLS profile configured with mutual TLS. mutual TLS
Gateway apic-gw-service Configured using the apicup command. This is the endpoint the gateway uses for network communication. Enter this endpoint as the management endpoint entered in Cloud Manager UI. apic-gw-service-ingress
  api-gateway Configured using the apicup command. This is the endpoint the gateway uses for API traffic. Enter this endpoint as the API Invocation Endpoint in Cloud Manager UI. api-gateway-ingress

The endpoints are configured by the installation Operator. They are set for each subsystem. Endpoints are also entered when configuring the topology for the Gateway, Portal, and Analytics subsystems in Cloud Manager.

For instructions on configuring endpoints and installing into an OVA environment, see Installing API Connect.

Configuring certificates

All TLS certificates are automatically generated, but you can customize your user-facing certificates, see API Connect TLS certificate best practices.

Configuring mutual TLS

Mutual TLS is used for communication between API Connect subsystems. Configure inter-subsystem communication in your TLS profiles in the Cloud Manager UI. See Creating a TLS Server Profile.

Configuring a proxy

If a Developer Portal is deployed externally to the management server zone, it does not have access to the consumer and product APIs. You need to configure a proxy to enable communication. For more information, see Configuring a proxy.