Configuring API callback processor settings

Edit online

About this task

You can configure the API callback processor setting All API callback requests so that webMethods API Gateway accepts all the requests from the client that contain the callback request URL and wrap the requests with its own URL before routing them to the native API. This lets webMethods API Gateway track the requests that the client sends to the native API and the callback messages that are sent by the native API to the client. In addition, you can use the settings Allow HTTPS access only and Process only allowed IPs requests to avoid any external threats in case an unauthorized user tries to access the protected resource.

You must have manage general administration configurations functional privileges to configure callback processor settings.

Procedure

  1. Open the menu options and select Administration.
  2. Select General > Callback processor settings.
  3. Select All API callback requests.

    This enables webMethods API Gateway to accept all the API callback requests coming from the client and wraps these requests with its own URL before it routes these requests to the native API. This option is selected by default.

    When this setting is disabled, the request from the client reaches the native API, as is, without the webMethods API Gateway wrapping it with it own URL. So, when the native API sends out the callback request to the client it directly reaches the client and webMethods API Gateway is unable to track such events.

  4. Select Allow HTTPS access only.

    This allows webMethods API Gateway to receive only HTTPS callback requests from the native API and processes the requests before routing them to the client. If a HTTP callback request comes in, webMethods API Gateway sends out an Access denied message to the client. This option is selected by default.

    If this option is not selected then webMethods API Gateway accepts the HTTP callback requests and processes the requests before routing them to the client.

  5. Select Process only allowed IPs requests.

    This allows webMethods API Gateway to receive the callback requests only from the IP addresses specified in the Trusted IP addresses list. webMethods API Gateway allows callback requests only from the allowed IPs configured in Trusted IP address list. You can configure your native APIs machine IPs or the native API outbound proxy server IPs here, so webMethods API Gateway allows a request coming from the native API and would then be routed to the client.

    If there are no trusted IPs configured and this option is selected, then webMethods API Gateway does not allow any requests.

  6. Type the IP address in the Trusted IP address and click Add.

    You can add multiple IP addresses. webMethods API Gateway allows only requests coming from these IP addresses when the option Process only allowed IPs requests is selected.

  7. Click Save.