Enabling the API Connect plug-in on Backstage

Install and configure the API Connect plug-in on Backstage.

The API Connect plug-in on Backstage provides a centralized view of all your APIs and products across multiple API Connect clouds, provider organizations, and catalogs. This tool is designed to give API teams a comprehensive overview of their API assets, which provides easier management and monitoring. It serves as a platform for teams to keep track of their infrastructure and microservices. For more information about Backstage, see Official Backstage documentation.

Prerequisites

To configure the API Connect plug-in successfully on Backstage, the following requirements must be met:

  • A working Backstage application must be installed and configured.
    Note: Backstage is an external service and needs to be installed on a separate server that is external to API Connect. You do not need to make any changes to the API Connect deployment to set up the Backstage plug-in.
  • The API Connect support agreement covers only the API Connect plug-in. The customer is responsible for the deployment and installation of the Backstage server.

Installing the API Connect plug-in for Backstage

  1. Open https://github.com/ibm-apiconnect/backstage.
  2. Clone the repository or download it as a zip file to get the install files.
  3. Unpack the ibm-apic-backstage-plugin.tar.gz zip archive into the plugins directory.
    tar -xvf ibm-apic-backstage-plugin.tar.gz -C <backstage_app_base_path>/plugins
  4. From the Backstage app base path, run the following command: 
    yarn --cwd packages/backend add apic-backstage@^1.0.0

Configuring Backstage to use the API Connect plug-in

  1. For the API Connect instance you want to configure, add the following details for a provider organization at the end of app-config.yaml file:
    • Name
    • URL
    • ClientID
    • ClientSecret
    • Username
    • Password
    • identityProvider
    • apiKey
    For example,
    ibm:
 schedule: '*/10 * * * *'
 apic:
    - name: apic-instance-1
      url: https://api.<instance1>.com/api
      clientId: '<instance1-clientID>'
      clientSecret: '<instance1-clientSecret>'
      username: '<instance1-porg-user>'
      password: '<instance1-porg-pwd>'
      identityProvider: 'default-idp-2' # Default Local User Registry
    - name: apic-instance-2
      url: https://api.<instance2>.com/api
      clientId: '<instance2-clientID>'
      clientSecret: '<instance2-clientSecret>'    
      apiKey: my-api-key  # OIDC registry
    Here,
    URL
    The value that corresponds to the endpoint.
    client_id
    The value that corresponds to the cliendId.
    client_secret
    The value that corresponds to the clientSecret.
    identityProvider
    This value can be obtained by running the following API Connect CLI command:
    apic identity-providers:list --scope provider --server myserver.com --fields title,realm
    apikey
    The value that corresponds to the generated apiKey.
    The credentials.json for apic-instance-1 in this code is:
    {
  "cloud_id": "<instance1-cloudID>",
  "toolkit": {
    "endpoint": "https://api.<instance1>com/api",
    "client_id": "<instance1-clientID>",
    "client_secret": "<instance1-clientSecret>"
  },
  "consumer_toolkit": {
    ...
  },
  ...
}
    Note: Download the toolkit credentials to find the values of the URL, ClientId, and ClientSecret. For more information, see https://www.ibm.com/docs/en/api-connect/10.0.x?topic=configuration-installing-toolkit#task_qsv_cgq_nt__download_creds.

    You can configure API Connect by using the local user registry or the OIDC user registry.

    • Using a local user registry

      If the user details are in a local user registry, you must provide the identityProvider details, username, and password as shown in the example for apic-instance-1.

    • Using an OIDC registry

      If the user details are located in an OIDC registry, you must provide the apiKey details. Use the following instructions to add the API key:

      1. Edit the time period for when the API key expires, and authorize it to be used multiple times. For more information, see Configuring API key settings.

      2. Create an API key. For more information, see Managing platform REST API keys.
      3. Add the generated API key to the configuration which is shown in the example for apic-instance-2.
    Note: The username, password, or the apiKey are for a provider organization member. In this example, it is assumed that there is only a single user who is a member of each provider organization. To add the user to the Backstage instance, the user must at least have the Viewer role for each provider organization. The user can also be a member of more than one provider organization.
  2. For the Backstage application, edit packages/backend/src/index.ts and add the following code at the end of the file:
    backend.add(import('@internal/apic-backstage'));