Lightweight Gateway tutorial
Try the Lightweight Gateway by using the provided API definition to create a product and publish it, and then test the API.
Download the CLI toolkit and log in
For this preview, the UI is unavailable so you must work with the Lightweight Gateway using the API Connect CLI toolkit.
- Download the toolkit and set it up as explained in Downloading the toolkit.
- Log in to API Connect as explained in Logging in to the toolkit.
Create a catalog to use with this tutorial
When you create a catalog, the Lightweight Gateway is associated with it automatically.
Create a catalog using the catalog.yaml data file:
./apic -s <platform_endpoint_url> catalogs:create -o <org_name> catalog.yaml
Data file: Create a YAML file called catalog.yaml with the following content:
name: previewcatalog
Example:
- Command:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com catalogs:create -o lwgw-demo catalog.yaml
- Response:
previewcatalog https://platform-api.us-east-a.apiconnect.test.automation.ibm.com/api/catalogs/1273ce81-ef2c-4d01-96c4-5f33c1af119e/e80bfea1-bf1d-4af1-9d60-4fa1c16e836f
Add a TLS client profile to the provider organization
Create a TLS client profile and add it to your provider organization. The TLS client profile is used for authentication when the API is invoked.
- Create a TLS client profile using the tlsclientprofile.yaml file, and save
the
TLS_PROFILE_URL
to an environment variable:TLS_PROFILE_URL=$(./apic -s <platform_endpoint_url> tls-client-profiles:create -o <org_name> tlsclientprofile.yaml --format json | jq '.url')
Data file: Create a YAML file called tlsclientprofile.yaml with the following content:
ciphers: - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - TLS_AES_128_GCM_SHA256 - ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ECDHE_RSA_WITH_AES_256_CBC_SHA384 - ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ECDHE_RSA_WITH_AES_128_CBC_SHA256 - ECDHE_RSA_WITH_AES_256_CBC_SHA - ECDHE_RSA_WITH_AES_128_CBC_SHA - DHE_RSA_WITH_AES_256_GCM_SHA384 - DHE_RSA_WITH_AES_256_CBC_SHA256 - DHE_RSA_WITH_AES_128_GCM_SHA256 - DHE_RSA_WITH_AES_128_CBC_SHA256 - DHE_RSA_WITH_AES_256_CBC_SHA - DHE_RSA_WITH_AES_128_CBC_SHA title: httpd name: httpd version: 1.0.0 summary: '' insecure_server_connections: false server_name_indication: true protocols: - tls_v1.2 - tls_v1.3
Example:
TLS_PROFILE_URL=$(./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com tls-client-profiles:create -o lwgw-demo tlsclientprofile.yaml ---format json | jq '.url')
- Add the TLS client profile to the catalog using the
configuredtlsclientprofile.yaml
file:
./apic -s <platform_endpoint_url> configured-tls-client-profiles:create -o <org_name> -c <catalog_name> --scope catalog configuredtlsclientprofile.yaml
Data file: Generate a YAML file called configuredtlsclientprofile.yaml:
echo "{tls_client_profile_url: $TLS_URL}" > configuredtlsclientprofile.yaml
Example:
- Command:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com configured-tls-client-profiles:create -o lwgw-demo -c previewcatalog --scope catalog configuredtlsclientprofile.yaml
- Response:
httpd:1.0.0 https://platform-api.us-east-a.apiconnect.test.automation.ibm.com/api/catalogs/1273ce81-ef2c-4d01-96c4-5f33c1af119e/e80bfea1-bf1d-4af1-9d60-4fa1c16e836f/configured-tls-client-profiles/c1b1d8a8-9843-40a8-9f5e-a65f5ebcaf1e
- Command:
Stage a product to the catalog
Staging a product deploys a copy of it to the target catalog without making the product visible to any developers.
Stage the product using the oai3ipProduct.yaml
product file and the
demo
API file, and save the PRODUCT_URL
in an environment
variable:
PRODUCT_URL=$(./apic -s products:publish -c <catalog_name> -o <org_name> --stage <path_to_product_yaml> --format json | jq '.url')
Data file: Create a YAML file called demo.yaml
with the following content:
info:
version: 1.0.0
title: lwgw-product-demo
name: lwgw-product-demo
gateways:
- lightweight-gateway
plans:
default-plan:
title: Default Plan
description: Default Plan
rateLimitMap:
plan-limit: default
components:
rateLimits:
default:
- max: 100
intervalLen: 1
intervalUnit: hour
apis:
demo:
$ref: demo.yaml
visibility:
view:
type: public
orgs: []
tags: []
enabled: true
subscribe:
type: authenticated
orgs: []
tags: []
enabled: true
product: 1.0.0
Data file: Create a YAML filed called lwgw-product-demo.yaml
with the following
content:
openapi: 3.0.2
servers:
- url: "/demo"
info:
title: Demo
description: Demonstrate the capabilities of the lightweight gateway
version: 1.0.0
x-ibm-name: demo
x-ibm-summary: Demo API
x-ibm-configuration:
gateway: lightweight-gateway
compatibility:
suppress-limitation-errors: true
assembly:
catch: []
execute:
- parse:
documentType: json
input: request
- validate:
mode: openapi-request-body
- setVar:
variable:
name: arg
value: '$header("request", "x-arg")'
- invoke:
output: response
targetUrl: 'https://herald-backend/$(arg)'
timeout: 60
verb: keep
tlsClientProfile: 'httpd'
- parse:
documentType: json
input: response
- validate:
input: response
mode: openapi-response-body
- setVar:
messageHeader:
headerName: my-header-name
messageName: response
value: '123'
finally: []
tags:
- name: demo
description: good for demo purposes
paths:
"/test":
post:
responses:
default:
description: ensure response meets schema expectations
content:
application/json:
schema:
"$ref": "#/components/schemas/MyResponse"
requestBody:
description: Create a new pet in the store
required: true
content:
application/json:
schema:
"$ref": "#/components/schemas/Object"
components:
schemas:
Object:
type: object
MyResponse:
type: object
properties:
headers:
type: object
properties:
Format:
type: array
items:
type: string
enum:
- simple
- complex
json:
type: object
properties:
pet-name:
type: string
pet-type:
type: string
enum:
- dog
- bird
Example:
PRODUCT_URL=$(./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com products:publish -c previewcatalog -o lwgw-demo --stage lwgw-product-demo.yaml --format json | jq '.url')
Publish the product
Publishing a product deploys a static version of the product and API to the catalog, and makes it visible to other developers who work in that catalog. After you publish the product, you can retire it from use, and then stage it to the catalog again for use in the rest of this tutorial.
Publish the product using the updatestate.yaml
file:
./apic -s <platform_endpoint_url> products:update -c <catalog_name> -o <org_name> <product_name>:<product_version> --scope catalog updatestate.yaml
Data file: Create a YAML file called updatestate.yaml
with the following
content:
state: published
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com products:update -c previewcatalog -o lwgw-demo lwgw-product-demo:1.0.0 --scope catalog updatestate.yaml
Optional steps to retire and then stage the API again:
- Retire the product using the
retire.yaml
file:/apic -s <platform_endpoint_url> products:update -c <catalog_name> -o <org_name> <product_name>:<product_version> --scope catalog retire.yaml
Data file: Create a YAML file called
retire.yaml
with the following content:state: retired
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com products:update -c previewcatalog -o lwgw-demo lwgw-product-demo:1.0.0 --scope catalog retire.yaml
- Stage the retired product using the
staged.yaml
file:./apic -s <platform_endpoint_url> products:update -c <catalog_name> -o <org_name> <product_name>:<product_version> --scope catalog staged.yaml
Data file: Create a YAML file called
staged.yaml
with the following content:state: staged
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com products:update -c previewcatalog -o lwgw-demo lwgw-product-demo:1.0.0 --scope catalog staged.yaml
Create a user
Create a user who will consume the API product. When you create a client app that calls the API in a later step, it requires a consumer organization with at least one user.
- List the available user registries for your provider
organization:
./apic -s <platform_endpoint_url> user-registries:list -o <org_name>
Example:
- Command:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com user-registries:list -o lwgw-demo
- Response:
previewcatalog-catalog https://platform-api.us-east-a.apiconnect.test.automation.ibm.com/api/user-registries/1273ce81-ef2c-4d01-96c4-5f33c1af119e/e24e1568-0f83-484d-8d1e-86376e1b26d2 sandbox-catalog https://platform-api.us-east-a.apiconnect.test.automation.ibm.com/api/user-registries/1273ce81-ef2c-4d01-96c4-5f33c1af119e/243d3bc3-9afd-4d31-b698-893fe3aa0b5f ibm-verify-test https://platform-api.us-east-a.apiconnect.test.automation.ibm.com/api/user-registries/1273ce81-ef2c-4d01-96c4-5f33c1af119e/ab3e089f-20f9-4b85-b74a-448eb5ae284c
- Command:
- Add a user to the
previewcatalog-catalog
registry using theuser.yaml
file, and save theOWNER_URL
in an environment variable:OWNER_URL=$(./apic -s <platform_endpoint_url> users:create -o <org_name> --user-registry <user_registry_name> user.yaml --format json | jq '.url')
Data file: Create a YAML file called
user.yaml
with the following content:username: johnpreview email: john.preview@us.ibm.com first_name: John last_name: Preview password: usermustchangePassw0rd!
Example:
OWNER_URL=$(./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com users:create -o lwgw-demo --user-registry previewcatalog-catalog user.yaml --format json | jq '.url')
- List the users in the registry to verify that your new user was
added:
./apic -s <platform_endpoint_url> users:list -o <org_name> --user-registry <user_registry_name>
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com users:list -o lwgw-demo --user-registry previewcatalog-catalog
Note the URL for your new user; you will need it when you add when you create a consumer organization in the next step.
Create a consumer organization with the new user
The consumer organization contains the list of application developers who can use your APIs. When you create a consumer organization, add a user registry and the people listed in that registry become members of the new consumer organization.
Use the provided data file to create a consumer organization using the
previewcatalog-catalog
registry, which includes your new user John Preview.
Create a consumer organization using the previewCorg.yaml
file:
./apic -s <platform_endpoint_url> consumer-orgs:create -o <org_name> -c <catalog_name> previewCorg.yaml
Data file: Generate a YAML file called previewCorg.yaml
:
echo "{name: previewCorg, owner_url: $OWNER_URL, title:previewCorg}" > previewCorg.yaml
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com consumer-orgs:create -o lwgw-demo -c previewcatalog previewCorg.yaml
Create a client app and subscribe it to the API
Create an application and subscribe it to an API. The app's credentials are verified when you call the API. You must complete the previous step to create the consumer organization before you can create an app.
For this tutorial, you will not need to set up a Developer Portal and create a full application to call the API. Instead, you can create a simple client app and call the API directly from the catalog.
- Create a client app using the
app.yaml
file:./apic -s <platform_endpoint_url> apps:create -o <org_name> -c <catalog_name> --consumer-org <consumer_org_name> app.yaml
Data file: Create a YAML file called
app.yaml
with the following content:name: apppreview
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com apps:create -o lwgw-demo -c previewcatalog --consumer-org previewCorg app.yaml
- Create a subscription using the
subscription.yaml
file (you must create the app before you can create a subscription):./apic -s <platform_endpoint_url> subscriptions:create -o <org_name> -c <catalog_name> --consumer-org <consumer_org_name> --app <app_name>
Generate the data file:
subscription.yaml
echo "{product_url: $PRODUCT_URL, plan: default-plan}" > subscription.yaml
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com subscriptions:create -o lwgw-demo -c previewcatalog --consumer-org previewCorg --app apppreview subscription.yaml
Verify that your commands worked
Check the results of your commands on the gateway. This will tell you if all commands have been applied or if there some still pending.
./apic -s <platform_endpoint_url> configured-gateway-services:get -o <org_name> -c <catlog_name> --scope catalog --fields "add(gateway_processing_status,events)" <gateway_name>
Example:
./apic -s platform-api.us-east-a.apiconnect.test.automation.ibm.com configured-gateway-services:get -o lwgw-demo -c previewcatalog --scope catalog --fields "add(gateway_processing_status,events)" lightweight-gateway
Test the API with the Lightweight Gateway
Use curl
to run some quick API calls and see how the Lightweight Gateway behaves.
Copy and run each command:
- Bad Request - Does not parse
request
curl -v --header "Content-Type: application/json" --request POST --data '["foo", "bar"' https://lwgw-product-demo-previewcatalog-lwgw-demo.apic-gwlw-000.apps.apic-d-j02.k93n.p1.openshiftapps.com/demo/test
This is a bad request because the ending
]
is missing from the array and the request cannot be parsed. - Bad Request - Does not validate
request
curl -v --header "Content-Type: application/json" --request POST --data '["foo", "bar"]' https://lwgw-product-demo-previewcatalog-lwgw-demo.apic-gwlw-000.apps.apic-d-j02.k93n.p1.openshiftapps.com/demo/test
This is a bad request because although the array is formatted correctly, the request schema dictates that the posted data must be a JSON object (not an array).
- Bad Response - Does not validate
response
curl -v --header "Content-Type: application/json" --header "Format: arcane" --request POST --data '{}' https://lwgw-product-demo-previewcatalog-lwgw-demo.apic-gwlw-000.apps.apic-d-j02.k93n.p1.openshiftapps.com/demo/test
This is a bad response because the Format header is returned as the string
arcane
by httpbin.org, which does not comply with the response schema requirement that /headers/Format must adhere to the Enum constraints ofsimple
orcomplex
. - Valid
Response
curl -v --header "Content-Type: application/json" --header "Format: simple" --request POST --data '{}' https://lwgw-product-demo-previewcatalog-lwgw-demo.apic-gwlw-000.apps.apic-d-j02.k93n.p1.openshiftapps.com/demo/test
This is a valid response because the Format header is returned as the string
simple
by httpbin.org, which complies with the response schema requirement that /headers/Format must adhere to the Enum constraints ofsimple
orcomplex
.