Managing the REST management interface

The DataPower® REST management interface is available in the default domain. By default, this service is not enabled. To accept client connections, enable this service and define its configuration.

About this task

Using the REST management interface involves sending REST requests to the DataPower Gateway and receiving responses. You can use the curl program, similar shell tool, or a browser tool.

Tip: The equivalent entry point in the CLI is the global rest-mgmt command.
When you enable this service without defining any other properties, the default configuration is as follows. To change the configuration, modify the properties as needed for your environment.
  • The service attempts to bind to the management Ethernet interface on port 5554. When the management Ethernet interface is not defined, the service binds to all configured interfaces on port 5554. Therefore, define an explicit IP address or host alias to isolate management traffic from application data traffic.
  • The service accepts traffic from all client IP addresses because the rest-mgmt ACL defines no clauses. For more information, see Creating an access control list.
  • The service uses a built-in TLS server profile that uses a DataPower self-signed to secure connections from clients. For optimal security, create a TLS server profile or TLS SNI server profile that uses different keys and certificates to secure connections. You can use a TLS server profile or TLS SNI server profile. For more information, see Custom TLS profile for management access.

When you no longer want to support REST requests, disable the administrative state of the REST management interface.

Procedure

  1. In the search field, enter rest.
  2. From the search results, click REST management interface.
  3. Set the administrative state of the configuration.
  4. In the Comments field, enter a brief, descriptive summary for the configuration.
  5. In the Local address field, enter the local IP address that the service listens for requests. To use a local host alias, click Select alias. A host alias resolves an alias to a static IP address. Aliasing can help when you move configurations among DataPower instances.
  6. In the Port number field, change the port on which the service listens for requests.
  7. From the Custom TLS server type list, select the profile type to secure connections.
    • For a TLS server profile, select the TLS server profile from the Custom TLS server profile list. For more information, see Creating a TLS server profile.
    • For a TLS SNI server profile, select the TLS SNI server profile from the Custom TLS SNI server profile list. For more information, see Creating a TLS SNI server profile.
  8. Optional: Edit the rest-mgmt ACL.
  9. Click Apply to save changes to the running configuration.
  10. Click Save to save changes to the persisted configuration.