The use-case The Service Request RESTful endpoint requires that the POSTed payload be in so-called "Flattened" JWS JSON format and that the contents be...
The use-case The Service Request RESTful endpoint requires that the POSTed payload be in so-called "Flattened" JWS JSON format and that the contents be digitally signed using the ES256 algorithm. Method This is a 2-step process as follows:- Acquire ECKey Utilise ECKey to sign the payload Each of these steps will be executed in discrete Groovy Policies. Let's start with a couple of caveats There's a strong argument for saying that an API Gateway is not the place to be signing...
The use-case The Service Request RESTful endpoint requires that the POSTed payload be in so-called "Flattened" JWS JSON format and that the contents be digitally signed using the ES256 algorithm....
What is a Service Callout? A Service Callout is an invocation of some arbitrary endpoint at some stage during processing of the Request pipeline. Service...
What is a Service Callout? A Service Callout is an invocation of some arbitrary endpoint at some stage during processing of the Request pipeline. Service Callouts are not available in the Response pipeline. Using the Service Callout Policy The Service Callout Policy is documented here The key aspect of this Policy is the fact that its use is limited to the evaluation of the invoked endpoint's HTTP return code. You might, for example, invoke an endpoint and check that it...
What is a Service Callout? A Service Callout is an invocation of some arbitrary endpoint at some stage during processing of the Request pipeline. Service Callouts are not available in the Response...
Background Both existing and prospective users of the Oracle API Platform often ask about how Oracle API Platform performs. What they're really asking is "How...
Background Both existing and prospective users of the Oracle API Platform often ask about how Oracle API Platform performs. What they're really asking is "How long will it take from when my client invokes an API (via the Gateway) to when they will get a response?" And the answer is... "It depends". That seemingly unhelpful answer is precisely why this blog exists. Basic understanding of the flow Let's consider this very simple view of what happens when some client invokes...
Background Both existing and prospective users of the Oracle API Platform often ask about how Oracle API Platform performs. What they're really asking is "How long will it take from when my...
Introduction This blog provides steps to configure SSL certificate in Oracle API Gateway node's trust store. It becomes necessary when API gateway in installed...
Introduction This blog provides steps to configure SSL certificate in Oracle API Gateway node's trust store. It becomes necessary when API gateway in installed in "production" mode. Without SSL certificate you won't able to deploy an API to gateway node, because in production mode gateway must communicate with APIP management tier over SSL. Another use-case is when backend service is SSL enabled. We will discuss both the scenarios in this blog. 1. Configure certificate in...
Introduction This blog provides steps to configure SSL certificate in Oracle API Gateway node's trust store. It becomes necessary when API gateway in installed in "production" mode. Without...
A more up-to-date version of this blog is available here Purpose The purpose of this post is to demonstrate through a practical example how a Developer might...
A more up-to-date version of this blog is available here Purpose The purpose of this post is to demonstrate through a practical example how a Developer might enrich an API payload using a Service Callout from within a Groovy Policy. Background Since the release of Oracle API Platform v17.2.5, there has been a standard Policy entitled Service Callout 2.0 (version 1.0 having been deprecated at that release). That Policy facilitates the asynchronous invocation of an arbitrary...
A more up-to-date version of this blog is available here Purpose The purpose of this post is to demonstrate through a practical example how a Developer might enrich an API payload using a...
Once you have provisioned an Oracle API Platform CS instance, one of the first things you will notice is the access to the various consoles are done via Public...
Once you have provisioned an Oracle API Platform CS instance, one of the first things you will notice is the access to the various consoles are done via Public IP addresses: Another issue you will come across is that the certificate used for the instance is "Not Secure", and therefore HTTPS is disabled due to an invalid certificate: The focus of this blog is to walk through the details of how to customize your APIPCS environment for your business, which includes defining a...
Once you have provisioned an Oracle API Platform CS instance, one of the first things you will notice is the access to the various consoles are done via Public IP addresses: Another issue you will...
There are many tools in the market to design, develop, and test API's. Some of these tools could be used separately. Some others could be combined. Every time a...
There are many tools in the market to design, develop, and test API's. Some of these tools could be used separately. Some others could be combined. Every time a change is introduced in the design or implementation of an API, it would be nice to have tests and builds run automatically. Continuous Integration (CI) is a software development practice that allows builds and tests to be triggered every time new code is pushed to the repository. There are may tools that could be...
There are many tools in the market to design, develop, and test API's. Some of these tools could be used separately. Some others could be combined. Every time a change is introduced in the design or...
This blog provides steps to get Oracle API Gateway up and running on Oracle cloud- OCI Classic VM We will see following steps: 1. Create compute instance on...
This blog provides steps to get Oracle API Gateway up and running on Oracle cloud- OCI Classic VM We will see following steps: 1. Create compute instance on Oracle Cloud Infrastructure Classic (OCI-classic) 2. Create Logical gateway in API management console and Assign grants to add nodes 3. Connect OCI-classic instance using SSH and copy setup files 4. Configure user, Entropy value on Linux OS 5. API Physical Gateway setup (gateway node setup) 6. Security rules changes in...
This blog provides steps to get Oracle API Gateway up and running on Oracle cloud- OCI Classic VM We will see following steps: 1. Create compute instance on Oracle Cloud Infrastructure...
Introduction Establishing secure connections between API boundaries is something that most companies (if not all) will be concerned about during the...
Introduction Establishing secure connections between API boundaries is something that most companies (if not all) will be concerned about during the implementation of API-based projects. This is important whether if you are exposing APIs for consumption or if you are invoking existing APIs. In order to establish secure connections, SSL certificates are the most well known practice used to ensure data confidentiality. However; importing SSL certificates into the API Gateway...
Introduction Establishing secure connections between API boundaries is something that most companies (if not all) will be concerned about during the implementation of API-based projects. This is...
