API Gateway

You can create, run, and secure your APIs with the DataPower API Gateway service. The API Gateway exposes APIs to the calling applications, and provide processing actions that enable the APIs to integrate with various endpoints. When a request arrives at the API Gateway, the gateway routes the request to the target API and runs the API to access the back-end resources that are made available through the API. The API Gateway also allows you to monitor API activities and perform analytics based on the activity data.

The API Gateway supports REST APIs that are compliant with version 2.0 of the Swagger specification.

The API Gateway involves the following roles in to the API development and management cycle.
  • API developer, who develops, tests, and packages the APIs for access.
    With the API Gateway, a developer typically does the following tasks:
    • Develop APIs in the DataPower® Gateway by creating each API as an API definition configuration.
    • Secure APIs by defining security requirements at the API level and the operation level.
    • Expose an API for client access by adding the API into an API plan. You can package a list of APIs in an API plan and define the rate limit settings for the plan.
  • API client, who invokes the API on the gateway by sending requests through applications or web pages.
    To access an API in the API Gateway, a client must subscribe to at least one API plan that contains the target API. A client is identified as a subscriber through API keys that are carried in the request. As shown in Figure 1.
    • Subscriber X is allowed to access API 1, 2, and 4 through Plan A.
    • Subscriber Y is allowed to access API 3, 4, and 5 through Plan B, and access API 6 through Plan C.
    • Subscriber Z is not subscribed to Plan A, B, or C, so cannot access any APIs in these plans.
    Therefore, to access API 4, a client must be identified as subscriber X or Y.
    Figure 1. Subscribers, plans, and APIs
    Image a previously described in text

In addition to the common API management pattern, the API Gateway provides the following IBM extensions to the standard Swagger specification.

API collection

An API collection allows you to group a set of plans and subscribers to make APIs available to a specific group of API clients. An API Gateway can comprise one or more collections. An API collection in the DataPower API Gateway corresponds to a catalog in the API Connect API Manager.

The APIs in a collection are served on a specific path, which is called routing prefix. To access the APIs in a collection, the URL of the API request must match the URL that is formed by the routing prefix of the collection, the base path of the API, and the relative path to the target API operation.

Figure 2 shows an API Gateway with three API collections, each collection packages a set of subscribers and plans. To access an API in collection I, the URL of the API request must contain the routing prefix of collection I.
Figure 2. API collections
Image a previously described in text


You can assemble processing actions where each action acts on different contexts of an API call to complete the required API operation. The configuration that assembles the processing actions is an assembly. The API Gateway responds to an API request by running the assembly of the matching API. An assembly consists of an assembly rule and a set of error handling policies.
  • An assembly rule comprises only assembly actions to act on the API context.
  • An error handling policy defines how to handle a specific error.

API property

You can create custom API properties or alter the values of existing properties for an API. The property value can vary with the API collection that the API belongs to. The collection-specific API properties allow you to use the same API definition in different API collections where each collection is slightly different from each other.