Deployment overview for endpoints and certificates

When deploying API Connect, you must define endpoints for the subsystems. TLS certificates are automatically generated for all endpoints, but you can configure custom certificates for the user-facing endpoints.

Configuring endpoints

The endpoints are defined for each subsystem during installation. See Installing API Connect.

Subsystem Endpoints Description Certificates
Management admin Endpoint on the management server for communication with the Cloud Manager user interface. cloud-admin-ui
  manager API Manager URL endpoint on the management server for communication with the API Manager user interface. api-manager-ui
  consumer Platform REST API endpoint for running consumer APIs on the management server. consumer-api
  api Platform REST API endpoint for running admin and provider APIs on the management server. platform-api
  consumer catalog Consumer Catalog URL endpoint on the management server for communication with the Consumer Catalog UI. consumer-catalog
  hub Automated Testing Behavior API endpoint. External Ingress, port 443 hub-endpoint
Portal api.portal Corresponds to Management Endpoint entered in Cloud Manager. Requires a TLS profile configured with mutual TLS. mutual TLS
  portal Portal Web site URL entered in Cloud Manager. Used publicly to access Portal. portal-www-ingress
Analytics ai The analytics-ingestion endpoint is used by the Gateway service to push data to the Analytics service. Requires a TLS profile configured with mutual TLS. mutual TLS
Gateway rgwd (API Gateway)

gwd (v5-compatible Gateway service)

This is the endpoint the gateway uses for network communication. Enter this endpoint as the Management Endpoint entered in Cloud Manager. apic-gw-service-ingress

Configuring certificates

The certificates are configured automatically by cert-manager. The certificates for the user-facing endpoints can be customized, see Customizing user-facing certificates.

Configuring mutual TLS

Mutual TLS is used for communication between API Connect subsystems. Configure inter-subsystem communication in your TLS profiles in the Cloud Manager UI. See Creating a TLS Server Profile.

Configuring a proxy

If a Developer Portal is deployed externally to the management server zone, it does not have access to the consumer and product APIs. You need to configure a proxy to enable communication. For more information, see Configuring a proxy.