Integrator Lab 3 - Managing API Endpoints

In this lab you will add management capabilities to your API to give you control over, and visibility of, its usage.

Audience: Developers, Architects, Testers, Quality Engineers

Overview

Once you have APIs deployed in your environment, it becomes critically important to manage who may use them, and for what purpose. You also need to track how each of these users consumes the API, so you know who is or is not using it successfully.

Why Red Hat?

Red Hat provides one of the leading API management tools. The 3scale API Management solution enables you to quickly and easily protect and manage your APIs.

Credentials:

Your username is: {user-username}
Your password is: openshift

3scale Admin Console

Define your API Proxy

  1. Log in to 3scale Admin web console using {user-username} and password: openshift.

    3scale-admin-login
  2. The first page you will land on is the API Management Dashboard. Click on the Create Product link.

    create-product-button
  3. Enter the following values:

    • Name: Location

    • System name: location

    • Description: Location API

      location-api-link
  4. Click on Create Product.

  5. On the Product: Location overview page, click on the Integration menu on the left to expand it.

  6. Click on Settings to edit the API settings for the gateway.

    edit-integration-settings
  7. Keep the APIcast deployment option in the Gateway section.

    apicast-selection
  8. Scroll down and keep the API Key (user_key) Authentication and other settings.

    user-key-autentication
  9. Click on Update Product.

Was the service updated successfully?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.

Create Application Plan

  1. Click on Applications and on the link Application Plans.

    app-plan-selection
  2. Click on the Create Application Plan button.

    create-app-plan
  3. In the Create Application Plan form, enter the following values:

    • Name: Location Basic Plan

    • System name: locations_basic_plan

  4. Leave the other values unchanged and click on Create Application Plan.

    app-plan-create-location
  5. Click on the kebab menu and select Publish for the Location Basic Plan.

    app-plan-publish
  6. Click on the Product drop-down and select Audience.

    audience-menu
  7. There will be one default Account Developer. Click on the 1 link under Apps.

    audience-select-apps
  8. On the next page, click on Create Application.

    audience-create-app
  9. In the Create Application form, enter the following values:

    • Product: Location

    • Application Plan: Location Basic Plan

    • Name: dev_location_app

    • Description: Developer Location Basic App

  10. Click on the Create Application button.

    new-app-details

Was the application plan and application created successfully?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.

Update Methods, Metrics & Mapping Rules

  1. Click on the Audience drop-down and select Product.

    product-dropdown
  2. Click on the Location product.

    location-product-list
  3. Click on the Metric or Method link.

    methods-metrics
  4. Click on the New Method link in the Methods section.

    create-new-method
  5. Fill in the information for your Fuse Method.

    • Friendly name: Get Locations

    • System name: locations_all

    • Description: Method to return all locations

    new-method-details
  6. Click on Create Method.

  7. Click on the Mapping Rules section to define the Mapping Rules for the API.

    edit-mapping-rules
  8. Click on the Edit button to edit the default mapping rule.

    The default mapping is the root ("/") of our API resources, and this example application will not use that mapping. The following actions will redefine that default root ("/") mapping.

  9. Click on the edit icon next to the GET mapping rule.

  10. Type the following in the Pattern text box:

    /locations
  11. Select Get Locations as Metric or Method to increment from the combo box, then click on Update Mapping Rule.

    mapping-rule-get

Was the setup of the settings successful?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.

Define your API Policies

Red Hat 3scale API Management provides units of functionality that modify the behavior of the API Gateway without the need to implement code. These management components are known in 3scale as policies.

The order in which the policies are executed, known as the “policy chain”, can be configured to introduce differing behavior based on the position of the policy in the chain. Adding custom headers, rewriting URLs, enabling CORS, and configuring caching are some of the most common API gateway capabilities implemented as policies.

  1. Scroll down and click on the Policies link to define the allowed methods on our exposed API.

    policies

    The default policy in the Policy Chain is APIcast. This is the main policy, and most of the time you will want to keep it.

  2. Click the Add Policy link to add a new policy to the chain.

    add-policy

    Out of the box, 3scale includes a set of policies you can use to modify the way your API gateway behaves. For this lab, we will focus on the Cross-Origin Resource Sharing (CORS) policy, as we will use it in the consumption lab.

  3. Click on the CORS Request Handling link to add the policy.

    policies-03
  4. Hover over the right side of the policy name to enable reordering of the chain. Drag and drop the CORS Request Handling policy to the top of the chain.

    policies-04
  5. The CORS Request Handling policy will now be executed before the APIcast policy. Click the CORS Request Handling link to edit the policy.

    policies-05
  6. In the Edit Policy section, click the green + button under ALLOW_HEADERS to add the allowed headers.

  7. Type Authorization in the Allowed headers field.

  8. Tick the allow_credentials checkbox and enter an asterisk (*) in the allow_origin text box.

    policies-06
  9. Click the green + button under ALLOW_METHODS twice to enable two combo boxes for the CORS allowed methods.

  10. Select OPTIONS from the first box and GET from the second box.

    policies-09
  11. Click the Update Policy button to save the policy configuration.

  12. Click on the Update Policy Chain button to save the policy order and configurations.

    update-policy-chain

Was the setup of the API Policy successful?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.
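
The CORS values entered in steps 6 to 10, run through a simplified model of the checks a browser applies to cross-origin responses (an added example, not part of the lab or of 3scale's code). It assumes the gateway copies the policy values into the response headers unchanged; `APP_ORIGIN` and the function names are constructed for illustration. It shows that a wildcard `allow_origin` serves calls that send an `Authorization` header, while a request sent with cookies is only accepted once the origin is pinned.

```python
# Added example: simplified model of browser CORS checks, not APIcast code.
# LAB_POLICY mirrors the lab's values; APP_ORIGIN is a constructed origin.
LAB_POLICY = {"allow_headers": ["Authorization"],
              "allow_methods": ["OPTIONS", "GET"],
              "allow_origin": "*", "allow_credentials": True}
APP_ORIGIN = "https://app.example.test"
SAFE_METHODS = {"get", "head", "post"}  # CORS-safelisted methods

def response_headers(policy):
    """Assumption: the gateway copies the policy values into the response."""
    headers = {"Access-Control-Allow-Origin": policy["allow_origin"],
               "Access-Control-Allow-Methods": ", ".join(policy["allow_methods"]),
               "Access-Control-Allow-Headers": ", ".join(policy["allow_headers"])}
    if policy["allow_credentials"]:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers

def names(value):
    return {item.strip().lower() for item in value.split(",") if item.strip()}

def browser_verdict(headers, origin, method, extra_headers=(), credentials=False):
    """Return (allowed, reason). extra_headers are non-safelisted request
    headers; wildcards in the method and header lists are not modelled."""
    acao = headers.get("Access-Control-Allow-Origin")
    if credentials:
        # With cookies or client certificates, "*" is not accepted as origin.
        if acao != origin:
            return False, "credentialed request needs an exact origin"
        if headers.get("Access-Control-Allow-Credentials") != "true":
            return False, "Access-Control-Allow-Credentials is not true"
    elif acao not in ("*", origin):
        return False, "origin not allowed"
    allowed = names(headers.get("Access-Control-Allow-Methods", "")) | SAFE_METHODS
    if method.lower() not in allowed:
        return False, "method not allowed"
    listed = names(headers.get("Access-Control-Allow-Headers", ""))
    for name in extra_headers:
        if name.lower() not in listed:
            return False, "header not allowed: " + name
    return True, "ok"

def lab_scenarios():
    lab = response_headers(LAB_POLICY)
    pinned = response_headers({**LAB_POLICY, "allow_origin": APP_ORIGIN})
    auth = ["Authorization"]
    return {"token/wildcard": browser_verdict(lab, APP_ORIGIN, "GET", auth),
            "cookies/wildcard": browser_verdict(lab, APP_ORIGIN, "GET", auth, True),
            "cookies/pinned": browser_verdict(pinned, APP_ORIGIN, "GET", auth, True),
            "delete/wildcard": browser_verdict(lab, APP_ORIGIN, "DELETE", auth)}
```

Calling `lab_scenarios()` returns one verdict per case, so the effect of changing a single policy field can be compared side by side.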

Configure the Backend

  1. Click on the Backends link. Then click on the Add Backend link.

    backend-configuration
  2. Click on the Create a new Backend link.

    create-new-backend
  3. In the New Backend form, fill in the information for the API backend:

    • Name: Location Backend

    • System Name: location_backend

    • Description: Location API Backend

    • Private Base URL: http://location-service.international.svc:8080

      We are using the internal API service, as we are deploying our services inside the same OpenShift cluster.

      create-backend-form
  4. Click on Create Backend.

  5. Click on Add to product.

    add-backend-to-product
  6. Click on the Settings link and observe the staging and production URLs of the API.

    As we are using APIcast 3scale Managed, the Routes will be created and managed by 3scale in the same namespace where 3scale is deployed on OpenShift.

    location-api-urls
  7. Click on the Configuration link to enter the Configuration section.

  8. Click on the Promote v. 1 to Staging APIcast button to save the changes and check the connection between client, gateway and API.

    update-staging
  9. Click on the Promote v.1 to Production APIcast button to promote your configuration from staging to production.

    promote-to-production

Was the API promotion successful?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.

Test the API

In this section, you can test the API staging and production URLs and ensure the API Gateway is routing requests to the backend API correctly, and is authenticating the user.

  1. In a new browser window, navigate to the Reqbin link.

  2. Copy the Staging curl URL, paste it into the Reqbin text box as shown below, and click on Run.

    staging-curl
    req-bin-run
  3. Check that you get a Status: 200 (OK) response and get a valid response message body.

    reqbin-result
  4. Change the user_key in the request to a random string and try again. This time you should get a Status: 403 (Forbidden) message.

    reqbin-bad-result
  5. Try the same for the Production URLs with a valid user key and an invalid user key.

Congratulations! You have configured the 3scale access control layer as a proxy that allows only authenticated calls to your backend API.

  • 3scale is also now:

    • Authenticating (If you test with an incorrect API key it will fail)

    • Recording calls (Visit the Analytics tab to check who is calling your API).

Summary

In this lab we covered the basics of creating a proxy for our API service. Red Hat 3scale API Management also allows us to keep track of security (as you will see in the next lab) as well as the usage of our API. If getting money from your APIs is also important to you, 3scale allows you to monetize your APIs with its embedded billing system.

Try to navigate through the rest of the tabs of your Administration Portal. Did you notice that there are application plans associated with your API? Application Plans allow you to take actions based on the usage of your API, like doing rate limiting or charging by hit (API call) or monthly usage.

You set up an API management service and API proxies to control traffic into your API. From now on you will be able to issue keys and rights to users wishing to access the API.

You can now proceed to Lab 4.