Configuring the API Connect Gateway Service

To enable API Connect to connect to and manage the API gateway on the DataPower® Gateway, configure the API Connect Gateway Service.

Before you begin

The API Connect Gateway Service is a service configuration in a DataPower domain. You must set up the DataPower domain for the gateway service. When you use any interface except the GUI to define the domain, you must explicitly define the default domain as a visible domain.
Note: The name of the DataPower domain where you configure the API Connect Gateway Service must be the same on each DataPower Gateway.

Regardless of your API Connect setup, you must create the gateway peering for the API Connect Gateway Service.

About this task

When you configure the API Connect Gateway Service, provide the following settings.
  • The connection between API Connect and the DataPower Gateway.
    • Local host and port of the management interface that API Connect uses to connect to and manage the API gateway. Beyond this port, the service uses four additional consecutive ports after the defined local port to bind to a loopback address. Therefore, ensure that there are no conflicts on all five consecutive ports that start from the defined local port.
    • When API Connect requires a secure connection, specify the existing TLS client profile to use. To create a TLS client profile, see Creating a TLS client profile.
      The following restrictions apply to this profile.
      • Keys and certificates are restricted to PEM and PKCS #12 formats.
      • The validation credentials must use PEM formatted material.
      • The SSL version 3 protocol versions is unsupported.
    • API Connect requires a secure connection to the DataPower service. Specify the existing TLS server profile to use. To create a TLS server profile, see Creating a TLS server profile.
      The following restrictions apply to this profile.
      • Keys and certificates are restricted to PEM and PKCS #12 formats.
      • The validation credentials must use PEM formatted material.
      • The SSL version 3 protocol versions is unsupported.
  • The host and port for the HTTPS handler where client send transactions. The handler is created automatically.
  • Whether to set compatibility to API Connect version 5.
    • When enable, the following configuration is necessary.
      1. The gateway peering that synchronizes distributed state and configuration data. By default, the DataPower Gateway assigns the default-gateway-peering gateway peering. By default, this gateway peering is disabled. For more information, see Creating gateway peering instances.
      2. The peer group mode to use for the SLM policy.
        • When unicast, the IP unicast address or host alias.
        • When multicast, the IP multicast configuration.
    • When disabled, the following configuration is necessary.
      1. The default gateway peering manager in the up and operation state. By default, the default gateway peering manager is disabled. In the gateway peering manager, set which gateway peering instances to use for the following purposes. For more information, see Configuring the gateway peering manager.
        • The gateway peering that synchronizes distributed state and configuration data across peer group members.
        • The rate limiting gateway peering that manages burst limits, rate limits, and count limits.
        • The subscription gateway peering that manages subscribers.
      2. Optionally specify user-defined policies to advertise to API Connect. For more information, see Configuring an assembly function.
The compatibility mode controls the gateway type that provides service for API Connect.
  • When V5 compatible, the DataPower service is a Multi-Protocol Gateway. For a working integration, the following considerations apply.
    • The Application Optimization Module must be installed and activated.
    • Statistics must be enabled for the domain.
    • The configuration sequence is not required or used.
    • Analytics automatically configured.
    • The gateway peering instance that defines the storage to hold the configuration data from API Connect, peers of the API gateway, and peering settings to synchronize the distributed state among peers.
    • The peer group mode to use for the SLM policy must be defined. The available modes are auto-unicast, unicast, and multicast. The default setting is auto-unicast.
      • When auto-unicast, the system chooses an IP unicast address based on the configuration of the XML management interface.
      • When unicast, the IP unicast address or a host alias must be defined.
      • When multicast, the IP multicast object that handles the exchange data among the peers must be defined.
  • When not V5 compatible, the DataPower service is an API Gateway, which is not compatible with V5. For a working integration, the following considerations apply.
    • The Application Optimization Module is not required.
    • Statistics do not need to be enabled for the domain.
    • The configuration sequence must be defined to manage the API Gateway configuration. A configuration sequence is a script-based way to create, modify, and delete configurations on the DataPower Gateway. For more information, see Configuration sequence.
    • Analytics must be configured as discussed in API analytics. After configuring, messages for previous events are sent to the remote Elasticsearch server.
    • The default gateway peering manager in the up and operation state and sets which gateway peering instances to use for the following purposes.
      • The API Connect Gateway Service gateway peering that synchronizes distributed state and configuration data across peer group members.
      • The rate limiting gateway peering that manages burst limits, rate limits, and count limits.
      • The subscription gateway peering that manages subscribers.
    • Optionally, you can use assembly functions to specify user-defined policies to advertise to API Connect for use in the API Connect Assembly Editor. For an assembly function that is a user-defined policy, configure the assembly function with a mechanism other than a watched file processed by a configuration sequence. Objects created through configuration sequence processing are not persisted to the startup configuration. The preferred method for DataPower configuration for user-defined policies is to define them explicitly so that they persist to the startup configuration. For more information, see Configuring an assembly function.
Attention: When your integration with API Connect starts with the V5 compatible gateway framework, you generally cannot switch to the API Gateway without porting your APIs. For helpful information and things to consider during your porting process, see GitHub wiki: API Gateway Porting Notes.

Procedure

  1. In the search field, enter api.
  2. From the search results, select API Connect Gateway Service.
  3. Set the administrative state of the configuration.
  4. In the Comments field, enter a descriptive summary.
  5. Define the host and port through which API Connect connects to manage the configuration of the gateway service.
    1. Specify the local IP address or a host alias.
      The default value is 0.0.0.0, which is all active IP4 addresses.
    2. Specify the local TCP port.
      The default value is 3000. Beyond this port, the service uses four additional consecutive ports. Therefore, ports 3000, 3001, 3002, 3003, and 3004 are in use.
  6. Optional: When API Connect requires a secure connection, specify the TLS client profile.
  7. Optional: When the DataPower Gateway requires a secure connection, specify the TLS server profile.
  8. Define the host and port for the HTTPS handler that the API gateway accepts client transactions.
    1. Specify the IP address or a host alias for the handler.
      The default value is 0.0.0.0, which is all active IP4 addresses.
    2. Specify the port for the handler.
      The default value is 9443.
  9. Specify whether to enable compatibility with API Connect version 5.
  10. Depending on compatibility mode, define the following properties.
    • When V5 compatibility is enabled, specify the following settings.
      1. Specify the gateway peering to synchronize distributed state and configuration data.
      2. Specify the peer group mode to use for the SLM policy.
        • When unicast mode, specify the IP unicast address or select a host alias.
        • When multicast mode, specify the IP multicast configuration.
    • When V5 compatibility is disabled, specify the following settings.
      1. Optionally edit the default gateway peering manager that specifies the gateway peering for the following purposes.
        • Synchronize distributed state and configuration data
        • Manage rate limiting data
        • Manage subscriber data
      2. Optionally specify user-defined policies to advertise to API Connect.
  11. Click Apply to save the changes to the running configuration.
  12. Click Save Configuration or Save changes to save the changes to the persisted configuration.

What to do next

  1. Based on the compatibility mode, complete the configuration for the API Gateway in the DataPower application domain.
    • When V5 compatible, enable statistics. For details, see Enabling statistics.
    • When not V5 compatible, create the configuration sequence to manage the API Gateway configuration. To create this configuration sequence, you must perform the following procedure. For more information, see Configuration sequence.
      1. In the search field, enter configuration.
      2. From the search results, select Configuration Sequence.
      3. Click Add or New.
      4. Specify the name for the configuration.
      5. Ensure that the administrative state is enabled.
      6. Ensure that the location profiles field is set to local:/// without an access profile. Although the default value is local:///, to activate the panel when you do not need an access profile, you must change to another directory and back to local:///.
      7. Enter 3000 as the configuration execution interval.
      8. Click Apply to save the changes to the running configuration.
      9. Click Save Configuration or Save changes to save the changes to the persisted configuration.
  2. Register the API gateway on API Connect in the Cloud Manager Console. For more information, see the API Connect documentation.