Lab 3

API Management

Take control of your APIs

  • Duration: 15 mins
  • Audience: API Owners, Product Managers, Developers, Architects

Overview

Once you have APIs deployed in your environment, it becomes critically important to manage who may use them and for what purpose. You also need to track usage by these different users to know who is and who is not succeeding in their usage. For this reason, in this lab you will add management capabilities to the API to give you control over and visibility of its usage.

Why Red Hat?

Red Hat provides one of the leading API Management tools that provide management services. The 3scale API Management solution enables you to quickly and easily protect and manage your APIs.

Skipping The Lab

If you are planning to skip ahead to the next lab, there is an already running API proxy for the Location API Service at this endpoint:

https://location-service-api.amp.apps.GUID.openshiftworkshop.com

Environment

URLs:

Check with your instructor for the GUID number of your current workshop environment. Substitute that number wherever GUID appears in a URL.

Example in case of GUID = 1234:

https://master.GUID.openshiftworkshop.com

becomes =>

https://master.1234.openshiftworkshop.com

Credentials:

Your username is your assigned user number. For example, if you are assigned user number 1, your username is:

user1

The password to login is always the same:

openshift

Lab Instructions

Step 1: Define your API Proxy

Your 3scale Admin Portal provides access to a number of configuration features.

  1. Open a browser window and navigate to:

    https://userX-admin.apps.GUID.openshiftworkshop.com/

    Remember to replace GUID with your environment value and X with your user number.

  2. Accept the self-signed certificate if you haven't already.

    selfsigned-cert

  3. Log into 3scale using your designated user and password. Click on Sign In.

    01-login.png

  4. The first page you will land on is the API Management Dashboard. Click on the API menu link.

    01a-dashboard.png

  5. This is the API Overview page. Here you can get an overview of all your services. Click on the Integration link.

    02-api-integration.png

  6. Click on the edit integration settings link to edit the API settings for the gateway.

    03-edit-settings.png

  7. Keep the APIcast deployment option selected in the Gateway section.

    04-apicast.png

  8. Scroll down and keep the API Key (user_key) Authentication option selected.

    05-authentication.png

  9. Click on Update Service.

  10. Click on the add the Base URL of your API and save the configuration button

    04-base-url

  11. Scroll down and expand the MAPPING RULES section to define the allowed methods on our exposed API.

    The default mapping is the root ("/") of our API resources, something that we might want to avoid.

    07b-mapping-rules.png

  12. Click on the Metric or Method (Define) link.

    07b-mapping-rules-define.png

  13. Click on the New Method link in the Methods section.

    07b-new-method.png

  14. Fill in the information for your Fuse Method.

    • Friendly name: Get Locations

    • System name: locations_all

    • Description: Method to return all locations

    07b-new-method-data.png

  15. Click on Create Method.

  16. Click on the Add mapping rule link

    07b-add-mapping-rule.png

  17. Click on the edit icon next to the GET mapping rule.

    07b-edit-mapping-rule.png

  18. Type in the Pattern text box the following:

    /locations

  19. Select locations_all as Method from the combo box.

    07b-getall-rule.png
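
Why the default "/" rule is worth replacing, as an added example that is not part of the original lab and is not APIcast's own code: it is a simplified model of prefix-based mapping rule matching, where a trailing `$` makes a pattern exact. The rule objects, the `hits` metric name on the default rule, and the request paths are constructed for illustration.

```javascript
// Added example: simplified model of prefix-based mapping rule matching.
// Not APIcast code; rules and request paths are constructed for illustration.
function patternToRegExp(pattern) {
  const exact = pattern.endsWith("$");           // trailing "$" = exact match
  const body = exact ? pattern.slice(0, -1) : pattern;
  const source = body
    .split(/(\{[^}]+\})/)                        // keep {param} parts separate
    .map((part) => /^\{[^}]+\}$/.test(part)
      ? "[^/]+"                                  // {param} matches one segment
      : part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join("");
  return new RegExp("^" + source + (exact ? "$" : ""));
}

// Returns the method system names of every rule that matches the request.
// An empty array means no mapping rule covers the request.
function matchedMethods(rules, verb, path) {
  return rules
    .filter((r) => r.verb === verb && patternToRegExp(r.pattern).test(path))
    .map((r) => r.method);
}

// Default rule: the root pattern is a prefix of every path.
const DEFAULT_RULES = [{ verb: "GET", pattern: "/", method: "hits" }];
// Rule configured in this lab.
const LAB_RULES = [{ verb: "GET", pattern: "/locations", method: "locations_all" }];
// Tighter variant: only the collection itself, nothing below it.
const STRICT_RULES = [{ verb: "GET", pattern: "/locations$", method: "locations_all" }];

console.log(matchedMethods(DEFAULT_RULES, "GET", "/internal/debug"));
console.log(matchedMethods(LAB_RULES, "GET", "/internal/debug"));
console.log(matchedMethods(LAB_RULES, "GET", "/locations/42"));
console.log(matchedMethods(STRICT_RULES, "GET", "/locations/42"));
```

With the "/" rule every GET path on the backend is mapped; with "/locations" only that resource and paths beneath it are.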

Step 2: Define your API Policies

Red Hat 3scale API Management provides units of functionality that modify the behavior of the API Gateway without the need to implement code. These management components are known in 3scale as policies.

The order in which the policies are executed, known as the “policy chain”, can be configured to introduce differing behavior based on the position of the policy in the chain. Adding custom headers, performing URL rewriting, enabling CORS, and configuring caching are some of the most common API gateway capabilities implemented as policies.

  1. Scroll down and expand the POLICIES section to define the allowed methods on our exposed API.

    01-policies

    The default policy in the Policy Chain is APIcast. This is the main policy and most of the time you want to keep it.

  2. Click the Add Policy link to add a new policy to the chain.

    02-add-policy

    Out of the box, 3scale includes a set of policies you can use to modify the way your API gateway behaves. For this lab, we will focus on the Cross Origin Resource Sharing (CORS) policy, as we will use it in the consumption lab.

  3. Click on the CORS link to add the policy.

    03-cors-policy

  4. Hover your mouse over the right side of the policy name to enable reordering of the chain. Drag and drop the CORS policy to the top of the chain.

    04-chain-order

  5. Now the CORS policy will be executed before APIcast. Click the CORS link to edit the policy.

    05-cors-configuration

  6. In the Edit Policy section, click the green + button to add the allowed headers.

    06-add-headers

  7. Type Authorization in the Allowed headers field.

    07-authorization-header

  8. Tick the allow_credentials checkbox and enter a star (*) in the allow_origin text box.

    08-allow-origin

  9. Click the green + button under ALLOW_METHODS twice to enable two combo boxes for the CORS allowed methods.

  10. Select GET from the first box and OPTIONS from the second box.

    09-allow-methods

  11. Click the Submit button to save the policy configuration.
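
How a browser evaluates the CORS policy configured above, as an added example that is not part of the original lab: a simplified preflight check modelled on the Fetch standard, showing that a wildcard origin is accepted only for requests sent without credentials and that Authorization must be listed by name. It assumes the gateway emits the configured values verbatim as response headers; the origin `https://www.example.com` is hypothetical.

```javascript
// Added example: simplified browser-side preflight check (after the Fetch standard).
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

const lowerKeys = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
const tokens = (value) =>
  (value || "").split(",").map((s) => s.trim()).filter(Boolean);

// request: { origin, method, headers: [non-safelisted names], credentials: bool }
function checkPreflight(responseHeaders, request) {
  const h = lowerKeys(responseHeaders);
  const allowOrigin = h["access-control-allow-origin"];
  const creds = request.credentials;

  // "*" is only honoured for requests made without credentials.
  if (allowOrigin === "*") {
    if (creds) return { ok: false, reason: "wildcard origin with credentials" };
  } else if (allowOrigin !== request.origin) {
    return { ok: false, reason: "origin not allowed" };
  }
  if (creds && h["access-control-allow-credentials"] !== "true") {
    return { ok: false, reason: "credentials not allowed" };
  }

  const methods = tokens(h["access-control-allow-methods"]);
  const methodOk = SAFELISTED_METHODS.has(request.method) ||
    methods.includes(request.method) || (!creds && methods.includes("*"));
  if (!methodOk) return { ok: false, reason: "method not allowed" };

  const allowed = tokens(h["access-control-allow-headers"]).map((n) => n.toLowerCase());
  for (const name of request.headers.map((n) => n.toLowerCase())) {
    // Authorization is never covered by "*"; it has to be listed by name.
    const wildcard = !creds && name !== "authorization" && allowed.includes("*");
    if (!allowed.includes(name) && !wildcard) {
      return { ok: false, reason: `header not allowed: ${name}` };
    }
  }
  return { ok: true, reason: "preflight accepted" };
}

// Constructed from the policy values entered in this lab (assumed emitted verbatim).
const LAB_POLICY_HEADERS = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "Authorization",
  "Access-Control-Allow-Methods": "GET, OPTIONS",
};
```

A script that sets the Authorization header itself while leaving cookies out is a request without credentials in this sense, so the lab's values pass for it; a request made with credentials included needs an explicit origin in place of the star.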

Step 3: Configure the Upstream Endpoint

  1. Scroll back to the top of the page. Fill in the information for accessing your API:

    Remember to replace the GUID with your environment value.

    We are using the internal API service, as we are deploying our services inside the same OpenShift cluster.

    07-baseurl-configuration.png

  2. Scroll down to the API Test GET request.

  3. Type in the textbox:

    /locations

  4. Click on the Update the Staging Environment button to save the changes and check the connection between client, gateway and API.

    08-update-staging.png

    If everything works, you will get a green message on the left.

  5. Click on the Back to Integration & Configuration link to return to your API overview.

    08aa-back-to-integration.png

  6. Click on the Promote v.1 to Production button to promote your configuration from staging to production.

    08a-promote-production.png

Congratulations! You have configured the 3scale access control layer as a proxy to only allow authenticated calls to your backend API. 3scale is also now:

  • Authenticating (If you test with an incorrect API key it will fail)
  • Recording calls (Visit the Analytics tab to check who is calling your API).

Steps Beyond

In this lab we covered only the basics of creating a proxy for our API service. Red Hat 3scale API Management also allows us to keep track of the security (as you can see in the next lab) as well as the usage of our API. If getting value from APIs is also important to you, 3scale allows you to monetize your APIs with its embedded billing system.

Try to navigate through the rest of the tabs of your Administration Portal. Did you notice that there are application plans associated with your API? Application Plans allow you to take actions based on the usage of your API, like doing rate limiting or charging by hit or monthly usage.

Summary

You set up an API management service and API proxies to control traffic into your API. From now on you will be able to issue keys and rights to users wishing to access the API.

You can now proceed to Lab 4

Notes and Further Reading