Configuring the API Connect Gateway Service
To enable API Connect to connect to and manage the API gateway on the DataPower® Gateway, configure the API Connect Gateway Service.
Before you begin
The API Connect Gateway Service is a service configuration in a DataPower domain. You must set up
the DataPower domain for the gateway service. When you use any interface except the GUI to define
the domain, you must explicitly define the
default
domain as a visible
domain.Note: The name of the DataPower domain where you configure the API Connect Gateway Service
must be the same on each DataPower Gateway.
Regardless of your API Connect setup, you must create the gateway peering for the API Connect Gateway Service.
About this task
When you configure the API Connect Gateway Service, provide the following settings.
- The connection between API
Connect and the DataPower Gateway.
- Local host and port of the management interface that API Connect uses to connect to and manage the API gateway. Beyond this port, the service uses four additional consecutive ports after the defined local port to bind to a loopback address. Therefore, ensure that there are no conflicts on all five consecutive ports that start from the defined local port.
- When API
Connect requires a secure connection, specify the existing
TLS client profile to use. To create a TLS client profile, see Creating a TLS client profile.The following restrictions apply to this profile.
- Keys and certificates are restricted to PEM and PKCS #12 formats.
- The validation credentials must use PEM formatted material.
- The SSL version 3 protocol versions is unsupported.
- API
Connect requires a secure connection to the DataPower service.
Specify the existing TLS server profile to use. To create a TLS server profile, see Creating a TLS server profile.The following restrictions apply to this profile.
- Keys and certificates are restricted to PEM and PKCS #12 formats.
- The validation credentials must use PEM formatted material.
- The SSL version 3 protocol versions is unsupported.
- The host and port for the HTTPS handler where client send transactions. The handler is created automatically.
- Whether to set compatibility to API
Connect version 5.
- When enable, the following configuration is necessary.
- The gateway peering that synchronizes distributed state and configuration data. By default, the
DataPower Gateway assigns the
default-gateway-peering
gateway peering. By default, this gateway peering is disabled. For more information, see Creating gateway peering instances. - The peer group mode to use for the SLM policy.
- When unicast, the IP unicast address or host alias.
- When multicast, the IP multicast configuration.
- The gateway peering that synchronizes distributed state and configuration data. By default, the
DataPower Gateway assigns the
- When disabled, the following configuration is necessary.
- The
default
gateway peering manager in the up and operation state. By default, thedefault
gateway peering manager is disabled. In the gateway peering manager, set which gateway peering instances to use for the following purposes. For more information, see Configuring the gateway peering manager.- The gateway peering that synchronizes distributed state and configuration data across peer group members.
- The rate limiting gateway peering that manages burst limits, rate limits, and count limits.
- The subscription gateway peering that manages subscribers.
- Optionally specify user-defined policies to advertise to API Connect. For more information, see Configuring an assembly function.
- The
- When enable, the following configuration is necessary.
The compatibility mode controls the gateway type that provides service for API
Connect.
- When V5 compatible, the DataPower service is a Multi-Protocol Gateway. For a
working integration, the following considerations apply.
- The Application Optimization Module must be installed and activated.
- Statistics must be enabled for the domain.
- The configuration sequence is not required or used.
- Analytics automatically configured.
- The gateway peering instance that defines the storage to hold the configuration data from API Connect, peers of the API gateway, and peering settings to synchronize the distributed state among peers.
- The peer group mode to use for the SLM policy must be defined. The available modes are
auto-unicast, unicast, and multicast. The default setting is auto-unicast.
- When auto-unicast, the system chooses an IP unicast address based on the configuration of the XML management interface.
- When unicast, the IP unicast address or a host alias must be defined.
- When multicast, the IP multicast object that handles the exchange data among the peers must be defined.
- When not V5 compatible, the DataPower service is an API Gateway, which
is not compatible with V5. For a working integration, the following considerations apply.
- The Application Optimization Module is not required.
- Statistics do not need to be enabled for the domain.
- The configuration sequence must be defined to manage the API Gateway configuration. A configuration sequence is a script-based way to create, modify, and delete configurations on the DataPower Gateway. For more information, see Configuration sequence.
- Analytics must be configured as discussed in API analytics. After configuring, messages for previous events are sent to the remote Elasticsearch server.
- The
default
gateway peering manager in the up and operation state and sets which gateway peering instances to use for the following purposes.- The API Connect Gateway Service gateway peering that synchronizes distributed state and configuration data across peer group members.
- The rate limiting gateway peering that manages burst limits, rate limits, and count limits.
- The subscription gateway peering that manages subscribers.
- Optionally, you can use assembly functions to specify user-defined policies to advertise to API Connect for use in the API Connect Assembly Editor. For an assembly function that is a user-defined policy, configure the assembly function with a mechanism other than a watched file processed by a configuration sequence. Objects created through configuration sequence processing are not persisted to the startup configuration. The preferred method for DataPower configuration for user-defined policies is to define them explicitly so that they persist to the startup configuration. For more information, see Configuring an assembly function.
Attention: When your integration with API
Connect starts with
the V5 compatible gateway framework, you generally cannot switch to the API Gateway without porting your APIs. For helpful information and things to
consider during your porting process, see GitHub
wiki: API Gateway Porting Notes.
Procedure
What to do next
- Based on the compatibility mode, complete the configuration for the API Gateway in the DataPower application domain.
- When V5 compatible, enable statistics. For details, see Enabling statistics.
- When not V5 compatible, create the configuration sequence to manage the API Gateway configuration. To create this configuration sequence, you must
perform the following procedure. For more information, see Configuration sequence.
- In the search field, enter configuration.
- From the search results, select Configuration Sequence.
- Click Add or New.
- Specify the name for the configuration.
- Ensure that the administrative state is enabled.
- Ensure that the location profiles field is set to local:/// without an access profile. Although the default value is local:///, to activate the panel when you do not need an access profile, you must change to another directory and back to local:///.
- Enter 3000 as the configuration execution interval.
- Click Apply to save the changes to the running configuration.
- Click Save Configuration or Save changes to save the changes to the persisted configuration.
- Register the API gateway on API Connect in the Cloud Manager Console. For more information, see the API Connect documentation.