Securing an integration service that uses a JavaScript client API

When an integration service is accessed by a JavaScript client API, you can ensure the integrity and confidentiality of the data that is sent between the integration service and the JavaScript application that calls the integration service.

Before you begin

Complete the following steps:
  1. Generate a JavaScript client API for your integration service; see Generating a JavaScript client API for an integration service.
  2. Develop a JavaScript application that calls the integration service; see Calling an integration service by using a JavaScript client API.

About this task

You can secure a SOAP/HTTP binding by using WS-Security (see WS-Security), but this mechanism is not available for use by the JavaScript client API.

Note: If you developed a web browser-based JavaScript application, and IBM App Connect Enterprise and the web server that hosts the HTTP proxy servlet are on the same computer, you might want to secure only the connection between the web browser and the web server. However, if the HTTP proxy servlet receives data over SSL, then it must also forward the data to its destination over SSL. Therefore, to communicate with an integration service hosted on IBM App Connect Enterprise over a secure connection between a web browser and the HTTP proxy servlet, you must also secure the connection between the HTTP proxy servlet and the integration service.

If you want complete end-to-end security between the web browser and the integration service, you must also secure the connection to the IBM MQ queue manager. For more information about securing IBM MQ queue managers, search for Data integrity in the IBM MQ product documentation.

To secure the data that is sent between an integration service and a JavaScript application that calls the integration service, you must complete the following tasks:

Procedure

  1. Obtain a certificate from a certificate authority, and ensure that the certificate is available in the following formats:
    • JKS format for IBM App Connect Enterprise.
    • PEM format, if you are securing a Node.js application.
    • The certificate formats that are supported by your web browser and web server, if you are securing a web browser-based JavaScript application.
    Note: You can use a self-signed server certificate for testing purposes. For more information about certificates and certificate authorities, see Digital certificates.
  2. Define a public key infrastructure (PKI) for IBM App Connect Enterprise and configure the PKI with the JKS keystore and truststore; see Setting up a public key infrastructure.
    Note: If you have a web browser-based JavaScript application, you must define the PKI at the integration node level, or the integration node listener level (not at the integration server level or embedded listener level) because the HTTP proxy servlet is using the integration node listener.
  3. Configure the integration service to use HTTPS; see Securing integration services by using SSL.
  4. Optional: If you are using a Node.js JavaScript application to call the integration service, then configure the Node.js application to use SSL; see Configuring a Node.js application to access an integration service by using SSL.
  5. Optional: If you are using a web browser-based JavaScript application to call the integration service, then configure the web browser-based application to use SSL; see Configuring a web browser-based JavaScript application to access an integration service by using SSL.
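
For the Node.js case in step 4, the following added example (not IBM's code and not the generated client API) shows request options that trust the PEM certificate from step 1 and keep certificate verification on, so a self-signed test certificate is trusted explicitly. The endpoint URL, the POST method and the sample PEM text are assumptions made for illustration.

```javascript
// Added example, not IBM's generated client API; URL and sample PEM are constructed.
const https = require('node:https');

const SAMPLE_CA_PEM = [ // constructed placeholder, not a real certificate
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=',
  '-----END CERTIFICATE-----',
].join('\n');
const CERT_RE = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Return the certificate blocks of a PEM trust bundle. Reject an empty bundle and
// one that carries a private key, which never belongs in a client trust file.
function extractPemCertificates(pemText) {
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(pemText)) throw new Error('trust bundle contains a private key');
  const certs = pemText.match(CERT_RE) || [];
  if (certs.length === 0) throw new Error('no PEM certificate found');
  return certs;
}

// Build https.request options that trust only the supplied certificates.
// Verification stays on: a self-signed test certificate is trusted explicitly.
function buildTlsRequestOptions(serviceUrl, caPemText) {
  const url = new URL(serviceUrl);
  if (url.protocol !== 'https:') throw new Error(`refusing non-HTTPS endpoint: ${serviceUrl}`);
  return {
    method: 'POST', // assumed method for the service call
    hostname: url.hostname,
    port: Number(url.port) || 443,
    path: url.pathname + url.search,
    ca: extractPemCertificates(caPemText),
    rejectUnauthorized: true,
    minVersion: 'TLSv1.2',
  };
}

// Send a request body and resolve with the status code and response text.
function callService(serviceUrl, caPemText, body) {
  return new Promise((resolve, reject) => {
    const req = https.request(buildTlsRequestOptions(serviceUrl, caPemText), (res) => {
      let text = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { text += chunk; });
      res.on('end', () => resolve({ status: res.statusCode, text }));
    });
    req.on('error', reject); // certificate verification failures arrive here
    req.end(body);
  });
}
```

Setting rejectUnauthorized to false instead would encrypt the connection without authenticating the integration service, which defeats the integrity goal of this task.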

Results

You have secured an integration service that uses a JavaScript client API.