API gateway

You can create, run, and secure your APIs with the DataPower API gateway service. The API gateway exposes APIs to the calling applications, and provide processing actions that enable the APIs to integrate with various endpoints. When a request arrives, the gateway routes the request to the target API and runs the API to access target resources. With the API gateway, you can monitor API activities and collect analytics based on the activity data.

The API gateway supports REST APIs that are compliant with OpenAPI version 2.0.

The API gateway involves the following roles in the API development and management cycle.
  • An API developer, who develops, tests, and packages the APIs for access.
    With the API gateway, a developer typically does the following tasks:
    • Develop APIs in the DataPower® Gateway by creating each API as an API definition configuration.
    • Secure APIs by defining security requirements at the API level and the operation level.
    • Expose an API for client access by adding the API into an API plan. You can package a list of APIs in an API plan and define the rate limit settings for the plan.
  • An API client, who calls the API on the gateway by sending requests through applications or web pages.
    To access an API in the API gateway, a client must subscribe to at least one API plan that contains the target API. A client is identified as a subscriber through API keys that are carried in the request. As shown in Figure 1.
    • Subscriber X is allowed to access API 1, 2, and 4 through Plan A.
    • Subscriber Y is allowed to access API 3, 4, and 5 through Plan B, and access API 6 through Plan C.
    • Subscriber Z is not subscribed to Plan A, B, or C, so cannot access any APIs in these plans.
    Therefore, to access API 4, a client must be identified as subscriber X or Y.
    Figure 1. Subscribers, plans, and APIs
    Image as previously described in text

In addition to the common API management pattern, the API gateway provides the following IBM extensions to the standard OpenAPI specification.

API collection

An API collection where you group a set of plans and subscribers to make APIs available to a specific group of API clients. An API gateway can comprise one or more collections. An API collection in the DataPower API gateway corresponds to a catalog in the API Connect API Manager.

The APIs in a collection are served on a specific path, which is called routing prefix. To access APIs in a collection, the URL of the API request must match the URL that is formed by the following properties.
  • The routing prefix of the collection.
  • The base path of the API.
  • The relative path to the target API operation.
Figure 2 shows an API gateway with two API collections, each collection packages a set of subscribers and plans. To access an API in Collection 1, the URL of the API request must contain the routing prefix of collection1.
Figure 2. API collections
Image as previously described in text

Assembly

You can assemble processing actions where each action acts on different contexts of an API call to complete the API operation. The configuration that assembles the processing actions is an assembly. The API gateway responds to an API request by running the assembly of the matching API. An assembly consists of an assembly rule and a set of error handling policies.
  • An assembly rule comprises only assembly actions to act on the API context.
  • An error handling policy defines how to handle a specific error.

API property

You can create custom API properties or alter the values of existing properties for an API. The property value can vary with the API collection that the API belongs to. With collection-specific API properties, you can use the same API definition in different API collections where each collection is slightly different from each other.