Oracle API Platform Cloud Service (APIP CS) is an API Management Platform for covering the complete API lifecycle. A general overview about the solution is provided in one of my previous blog posts.
In this blog post, I’ll summarize the steps that are needed to setup a first API Gateway Gateway Node.
Logical Gateway and Gateway Nodes
Before getting started with the Gateway setup, a basic concept needs to be clarified.
Oracle APIP CS support the concept of a so called Logical Gateway, which depicts a logical configuration and management unit for the several Gateway Nodes. A Gateway Node is a physical representation of a API Gateway. It is the runtime component, where APIs are exposed to the outside world and where the defined API policies are enforced, when an API is called by a client.
From a subscription perspective the number of Logical Gateways is the relevant criterium with respect to the occurring costs. No matter, on how many Gateway Nodes are registered to a Logical Gateway.
Before getting started with the installation, a respective Compute Node (OCI, AWS, Azure, On-Premise) instance is needed on which the Gateway Node should be deployed. In my case, I used a OCI Compute instance, which I setup using the OCI console. The general system requirements for the target machine can be found in the documentation.
Create needed users
As mentioned in the documentation, a prerequisite for the API Gateway deployment, is the availability of the following two users:
- Gateway Manager user, who is responsible for managing the Gateway and needs to be assigned to the Gateway Manager role
- Gateway Runtime user, who is responsible for the interaction between Gateway Node and Management Service and needs to be assigned to the Gateway Runtime role
Those two users need to be created by an Identity Domain administrator using the User section in the Service Dashboard.
After user creation, the respective roles need to be assigned in the user’s details.
Define the Logical Gateway
In a first step, I used the Oracle APIP CS Management Portal, I created a new Logical Gateway and named it “Development Gateway”.
In the Logical Gateway Nodes section, the Gateway Node installer can be downloaded.
In addition, the page provides the “Open installation wizard” button, which is useful to create an initial Gateway installation configuration (gateway-props.json) for the specific Logical Gateway.
In the Grants section of the Logical Gateway section, the following grants needs to be defined for the two previously created users:
- Gateway Manager grant to the Gateway Manager user
- Node Service account grant to the Gateway Runtime user
Install the Gateway
After downloading the Gateway Installer, I copied this to my previously configured OCI Compute instance, connected to the instance via SSH and unzipped the installer to /u01/installer.
sudo mkdir -p /u01/apics sudo mkdir -p /u01/installer sudo chown -R opc /u01 unzip ApicsGatewayInstaller.zip -d /u01/installer
After that, I replaced the file /u01/installer/gateway-props.json with one I created using the Installation wizard using the APIP CS Management Portal.
Before the Gateway installation can be started, a valid Oracle JDK need to be installed and the JAVA_HOME environment needs to be set appropriately.
sudo mkdir -p /usr/java curl -v -j -k -L -H "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm > /usr/java/jdk-8u131-linux-x64.rpm sudo rpm -ivh /usr/java/jdk-8u131-linux-x64.rpm export JAVA_HOME=/usr/java/jdk1.8.0_131
After that preparation steps, the Gateway Node can be installed.
/u01/installer/APIGateway -f /u01/installer/gateway-props.json -a install-configure-start
During installation and configuration you’re prompted for a Weblogic domain username (Weblogic domain administrator), who will be created during this step. I called the user “weblogic” with a respective password.
Join the Gateway Node to the Logical Gateway
After the Gateway Node has been successfully installed and started, it needs to be registered with the previously created Logical Gateway.
/u01/installer/APIGateway -f /u01/installer/gateway-props.json -a join
While executing this step, you’re prompted for the usernames and passwords of the previously created Gateway Manager user and Gateway Runtime user.
In addition to the User credentials, the IDCS Client credentials for APIP CS also need to be passed. Those credentials, namely the Client Id and the Client Secret, can be found in the Platform settings section of the APIP CS Management Portal.
Approving the Gateway Node
After the Gateway has been joined successfully, it needs to be approved by a Gateway Manager, using the Management Portal.
After approving the Gateway and before deploying the first API, respective Load Balancer URLs need to be defined for the Logical Gateway instance. Since I just have one Gateway Node, I set to the hostname of the Gateway Node.
Testing the API Gateway
For testing purposes, I just created a test API against a httpbin.org mock service that replies with the passed status code. The API definition is super simple, does a passthrough without further policy definitions.
To test the service quickly, I simply did an HTTP call via HTTPie.
This results in the following response:
HTTP 1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Content-Length: 0 Content-Type: text/html; charset=utf-8 Date: Fri, 10 May 2019 06:38:35 GMT Referrer-Policy: no-referrer-when-downgrade Server: nginx X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block
With that it’s proven that the Gateway has been deployed successfully and is working correctly.