Use case: The API consumer provides a JWT Bearer token which has a payload that contains a custom key. That key's value is an array of GUIDs. One of these GUIDs has to match a well-known value in order for the API invocation to be deemed valid. Notes about JWT tokens: My favourite resource for all things to do with JWT is here. If you're unfamiliar with this technology I recommend that as your first point of reference. For the purposes of this blog post we don't need very much...
Use-case: You have an API defined wherein you want to use the Logging Policy (LP) in both the Request and Response pipelines and the LP is defined in both pipelines to use the same log file. The problem: It is highly likely that, when reviewing the log output, you will want to be able to relate whatever was logged in the Request to whatever's logged in the Response (for the same API invocation instance). However, due to traditional multi-threading and varying durations of...
The use-case: The Service Request RESTful endpoint requires that the POSTed payload be in so-called "Flattened" JWS JSON format and that the contents be digitally signed using the ES256 algorithm. Method: This is a 2-step process as follows: Acquire ECKey; Utilise ECKey to sign the payload. Each of these steps will be executed in discrete Groovy Policies. Let's start with a couple of caveats: There's a strong argument for saying that an API Gateway is not the place to be signing...
What is a Service Callout? A Service Callout is an invocation of some arbitrary endpoint at some stage during processing of the Request pipeline. Service Callouts are not available in the Response pipeline. Using the Service Callout Policy: The Service Callout Policy is documented here. The key aspect of this Policy is the fact that its use is limited to the evaluation of the invoked endpoint's HTTP return code. You might, for example, invoke an endpoint and check that it...
Background: Both existing and prospective users of the Oracle API Platform often ask about how Oracle API Platform performs. What they're really asking is "How long will it take from when my client invokes an API (via the Gateway) to when they will get a response?" And the answer is... "It depends". That seemingly unhelpful answer is precisely why this blog exists. Basic understanding of the flow: Let's consider this very simple view of what happens when some client invokes...
Introduction: This blog provides steps to configure an SSL certificate in the Oracle API Gateway node's trust store. This becomes necessary when the API gateway is installed in "production" mode. Without an SSL certificate you won't be able to deploy an API to the gateway node, because in production mode the gateway must communicate with the APIP management tier over SSL. Another use-case is when the backend service is SSL enabled. We will discuss both scenarios in this blog. 1. Configure certificate in...
A more up-to-date version of this blog is available here. Purpose: The purpose of this post is to demonstrate through a practical example how a Developer might enrich an API payload using a Service Callout from within a Groovy Policy. Background: Since the release of Oracle API Platform v17.2.5, there has been a standard Policy entitled Service Callout 2.0 (version 1.0 having been deprecated at that release). That Policy facilitates the asynchronous invocation of an arbitrary...
Once you have provisioned an Oracle API Platform CS instance, one of the first things you will notice is that access to the various consoles is done via Public IP addresses. Another issue you will come across is that the certificate used for the instance is "Not Secure", and therefore HTTPS is disabled due to an invalid certificate. The focus of this blog is to walk through the details of how to customize your APIPCS environment for your business, which includes defining a...
There are many tools in the market to design, develop, and test APIs. Some of these tools could be used separately. Some others could be combined. Every time a change is introduced in the design or implementation of an API, it would be nice to have tests and builds run automatically. Continuous Integration (CI) is a software development practice that allows builds and tests to be triggered every time new code is pushed to the repository. There are many tools that could be...