Developer Lab 5 - Managed API Endpoints

In this lab, you will protect the RESTful endpoints using Red Hat 3scale API Management.

Audience: API Owners, Product Managers, Developers, Architects

Overview

Once you have APIs deployed in your environment, it becomes critically important to manage who may use them and for what purpose. You also need to begin tracking the usage of these different users to know who is and who is not succeeding in their usage. For this reason, in this lab you will add management capabilities to the API to give you control over and visibility of its usage.

Why Red Hat?

Red Hat provides one of the leading API Management tools, which provides management services. The 3scale API Management solution enables you to quickly and easily protect and manage your APIs.

Credentials:

Your username is: {user-username}
Your password is: openshift

SSO Console

Sign-in to Red Hat SSO

  1. Launch a new tab on your web browser.

  2. Navigate to the Solution Explorer on that tab.

  3. Click on the Red Hat Single Sign-On link.

  4. Log in to the SSO Admin web console using {user-username} and password: openshift. Click on Log in.

    sso-sign-in
  5. Select Clients from the left menu.

    00-clients.png

    A 3scale-admin client and service account were already created for you.

  6. Click on the 3scale-admin link to view the details.

    00-3scale-admin.png
  7. Click the Credentials tab.

    00-sa-credentials.png
  8. Take note of the client Secret. Copy and save it or write it down as you will use it to configure 3scale.

    00-sa-secret.png

    The secret is set to clientsecret for this lab.

  9. Click on the Service Account Roles tab of the 3scale-admin client:

    sa-roles.png
    Note
    If you do not see the Service Account Roles tab, make sure Service Accounts Enabled is ON and Standard Flow Enabled is OFF, then click on Save.

  10. In Client Roles, enter realm-management. Select all the available roles and click on Add Selected to move them to the Assigned Roles text box. Ignore this step if the roles are already assigned.

    sa-roles.png

Were you able to configure Red Hat SSO correctly?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the RH-SSO application.

Add User to Realm

Note
If the user was already added as part of the Integrators lab, you can skip this section.

  1. Click on the Users menu on the left side of the screen.

    00-users.png
  2. Click the Add user button.

    00-add-user.png
  3. Type apiuser as the Username.

    00-username.png
  4. Click on the Save button.

  5. Click on the Credentials tab to reset the password. Type apipassword as the New Password and Password Confirmation. Turn the Temporary option OFF to avoid the password reset at the next login.

    api-password.png
  6. Click on Set Password.

  7. Click on the Set password button in the pop-up dialog.

    set-pwd

Were you able to add a user?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the RH-SSO application.

Now you have a user to test your SSO integration.

Get API Token for Automation

Your 3scale Admin Portal provides access to a number of configuration features. An administration token is needed when automating setups for your API. This step will let you create a new token for setup.

  1. Log in to the 3scale Admin web console using {user-username} and password: openshift. Click on Sign in.

    3scale-login-page
  2. The first page you land on is the API Management Dashboard. Click on the drop-down arrow and navigate to Account Settings.

    account-settings
  3. Click on Personal. In the dropdown, click on Tokens.

  4. Click on Add Access Token to create a new token.

    3scale-add-access-token-link
  5. Create a new token that has the Read & Write rights to your management platform. Enter Name as securetoken, check the Account management API checkbox and READ & WRITE for Permission.

    3scale-add-access-token-form
  6. Please make sure you copy the Token to somewhere safe, and don’t forget it. Do not click on the I have copied button before you have completed copying and saving the token somewhere safe. Click on I have copied the token to finish off.

    3scale-copy-access-token

Were you able to create and copy the token?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.

Start managing your APIs

By running the following command, the application will automatically set up the 3scale API configuration and start managing the API you have exposed.

  1. In your command-line terminal or in your Che terminal, enter the following curl command:

    curl -X POST http://threescale-automate-international.{openshift-app-host}/threescale/automate/{YOUR_API_TOKEN}/{user-username}/{openshift-app-host}

    Remember to replace YOUR_API_TOKEN with your generated token.

  2. The API automated, DONE! string should be returned as the result.
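The two steps above can be wrapped in a small script that refuses unreplaced placeholders and checks the response for the success string or the 422 message quoted under Common Gotcha. This is an added example, not part of the lab; the variable names LAB_USER and APP_HOST, the file name automate.sh and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: guarded wrapper around the lab's automation call.
# LAB_USER, APP_HOST and automate.sh are assumed names, not part of the lab.

MARKER='API automated, DONE!'   # success string quoted in step 2

# Accept only letters, digits, dot, underscore and hyphen, so an unreplaced
# {placeholder} or a stray "/" cannot change the shape of the URL path.
valid_part() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Build the URL from the lab's template: token, username, application host.
build_automate_url() {
  for part in "$1" "$2" "$3"; do
    valid_part "$part" || return 1
  done
  printf 'http://threescale-automate-international.%s/threescale/automate/%s/%s/%s\n' \
    "$3" "$1" "$2" "$3"
}

# Map the response body to the outcomes the lab describes.
classify_response() {
  case "$1" in
    *"$MARKER"*)         echo ok ;;
    *'statusCode: 422'*) echo cleanup-needed ;;   # see Common Gotcha
    *)                   echo unknown ;;
  esac
}

run_automation() {
  # Prompt without echo so the token is not stored in shell history.
  # It still travels in the URL path over plain HTTP, as the lab endpoint
  # expects, so use a lab-only token.
  printf '3scale access token: ' >&2
  stty -echo; read -r token; stty echo; echo >&2
  url=$(build_automate_url "$token" "$LAB_USER" "$APP_HOST") || {
    echo 'token, LAB_USER or APP_HOST is empty or malformed' >&2; return 2; }
  body=$(curl -sS -X POST "$url") || return 3
  result=$(classify_response "$body")
  echo "result: $result" >&2
  [ "$result" = ok ]
}

# Run only when asked, e.g.: LAB_USER=... APP_HOST=... ./automate.sh run
if [ "${1:-}" = run ]; then run_automation; fi
```
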

Was the string returned?

Try to redo this section. If any problem persists, have your instructor check the Kubernetes pod that contains the 3scale API Management application.

Congratulations! You have configured the 3scale access control layer as a proxy to only allow authenticated calls to your backend API. 3scale is also now authenticating (if you test with an incorrect API key, it will fail) and recording calls (visit the Analytics tab to check who is calling your API).

Common Gotcha

If you encountered the following error: org.apache.camel.http.common.HttpOperationFailedException: HTTP operation failed invoking https://{user-username}-admin.{openshift-app-host}/admin/api/services.xml with statusCode: 422

This may be due to a failed build. Troubleshoot by deleting the SSO Location API. The SSO Location API can be located here:

Steps Beyond

In this lab we just covered the basics of creating a proxy for our API service. Red Hat 3scale API Management also allows us to keep track of the security (as you can see in the next lab) as well as the usage of our API. If getting value from APIs is also important to you, 3scale allows you to monetize your APIs with its embedded billing system.

Try to navigate through the rest of the tabs of your Administration Portal. Did you notice that there are application plans associated with your API? Application Plans allow you to take actions based on the usage of your API, like doing rate limiting or charging by hit or monthly usage.

Summary

You set up an API management service and API proxies to control traffic into your API. From now on you will be able to issue keys and rights to users wishing to access the API.

You can now proceed to Lab 6.