Setting up API Gateway with AMPLIFY Central

API Gateway with AMPLIFY Central
API Gateway with AMPLIFY Central

In this post, I will walk you through how to prepare and connect Axway API Gateway with AMPLIFY™ Central. Once the setup is complete, you will see the APIs exposed and managed in on-premise API Manager/Gateway are available on AMPLIFY Central for consumers. Also, the monitoring data of these APIs are available in Central. This connectivity is achieved by using two lightweight agents (for Discovery and Traceability).

Discovery Agent—this is a lightweight agent that runs in the background and keeps polling the API manager for any new APIs registered. If an API matches the tag criteria provided in the config file, the Agent uploads that API to Central.

Traceability Agent—this is a lightweight agent that runs in the background and keeps parsing through the event log. Depending on the match criteria mentioned in the config file, Agents find traffic data and upload data to Central. This data becomes available in Central under the API Observer tab.

Pre-Requisite

There are a few pre-requisites to set up the gateway.

  1. Axway API Gateway and Manager up and running.
  2. The machine where users have install rights and API Gateway/manager should be accessible from the machine. Users should have sudo rights to this machine.
  3. js 8.0 or later.
  4. Axway AMPLIFY Central subscription in the AMPLIFY™ platform. Click here for trial SignUp.

API Gateway with AMPLIFY Central Setup

Following setup, instructions are divided into three different parts: Common, Discovery Agent, Traceability Agent.

  1. Common
    1. Log in to the machine where you would be installing the Discovery and Traceability agents. It can be a standalone machine or the same machine where you have your API gateway and manager running.
    2. Using the following command, generate a private and public key pair. This key pair is to set up a service account in AMPLIFY Central and used by agents to communicate with AMPLIFY Central platform.

openssl genpkey -algorithm RSA -out ./private_key.pem -pkeyopt rsa_keygen_bits:2048

openssl rsa -pubout -in ./private_key.pem -out ./public_key.pem

  1. The next step is to create a service account in Amplify Central. Log in to AMPLIFY Central UI as an Administrator and create a service account for the agents. Add the public key that you created earlier. When the account is created, copy the client identifier from the Client ID.

  1. Next, create an environment object in AMPLIFY Central that represents the effective Axway API Gateway environment. Depending on your needs, you can create as many environments as required. Each discovered API or Traffic will be associated with this environment. You can create your environment using either the UI, API, or CLI. For this post, we will create an environment using UI. Follow the “Add your API Gateway V7 environment.”
  2. Now go back to the machine where you want to install the Discovery and Traceability agents. Next, we will download, set up, and run these agents.

  3. Move the public and private keys created in step 2 to a common key’s directory for both agents to refer to it without issues.

  1. Discovery Agent
    1. Download the Discovery agent using the command below.

curl -L “https://axway.bintray.com/generic-repo/v7-agents/v7_discovery_agent/latest/discovery_agent-latest.zip” -o discovery_agent-latest.zip

  1. Unzip the Discovery agent file to the desired location from where you want to run the agent.
  1. We need to set some configuration values to point to the API Gateway, manager, and central. We have two options here: either create an env_vars file or modify discovery_agent.yml file which is downloaded as part of the agent zip file. For this example, we will modify the .yml file.

apimanager:
host: localhost
port: 8075
filter: tag.amplifyCentral == true
pollInterval: 30s
auth:
username: API Manager username
password: API Manager password
ssl:
insecureSkipVerify: true
subscriptionApplicationField: subscriptions
proxyApicIDField: APIC_ID

central:
url: https://apicentral.axway.com

teamID: Find it from your amplify central portal
tenantID: “Find it from your amplify central portal”
mode: publishToEnvironmentAndCatalog
environment: “name from step 1.4”
apiServerVersion: v1alpha1
auth:
url: “https://login.axway.com/auth
realm: “Broker”
clientid: “Copy from Service Account creation step”
privatekey: “path from step 1.6”
publickey: “path from step 1.6”
keyPassword: “”
timeout: 10s

log:
level: info
format: json
output: file
path: logs

  1. Value for teamID can be found at Central > Access > Teams; tenantID can be fond in Amplify Central Platform -> Organization screen; clientId can be found in service accounts. Discovery agent variables are well documented at the link:

Team Id

  1. Once the YAML file is updated, start the discovery agent. If the YAML file is in the same folder, then simply run the ./discovery_agent script. Otherwise, you can pass command-line flags which are documented in the Discovery Agent flags documentation.
  1. The Discovery agent uses API tags to figure out which APIs from the API manager need to be discovered and published to Amplify Central. e.g. in the YAML config file, we instructed the Discovery agent to find all the APIs where the API tag ‘amplifyCentral’ value is set to true. This is a critical step and must be performed for Discovery agents to be able to discover and publish APIs to Central. In this example, I will update the tags of PetStore API.
  1. To set up a tag, go to the API manager and edit your front-end API. Under the API tab, add the desired tags. TThe tags should match your configuration file.

 

  1. Once the API is saved and published, the Discovery agent will find the PetStore API as it matches the polling criteria and publishes it to AMPLIFY Central Catalog and Environments.

View from Topology—Environments

View from Catalog

  1. Once the API is published to the catalog, a reference value is generated by Central and sent back to the API manager. A custom APIC_ID field can be added in the API Manager > API screen to display the APIC_ID value. To make these changes, you can follow instructions at this link: The link has information on how to modify the application field, but similarly, the API can have additional fields too.
  1. Additionally, if there are any subscriptions in Central for the API, those can be correlated with v7 Applications and the cross-reference can be recorded.

This concludes setting up a Discovery agent, next up is how to set up a traceability agent to see runtime analytics in Central.

  • Traceability Agent
    1. Download the Traceability Agent using the command below.

curl -L “https://axway.bintray.com/generic-repo/v7-agents/v7_traceability_agent/latest/traceability_agent-latest.zip” -o traceability_agent-latest.zip

  1. Unzip the files to the desired location.
  2. Similar to the Discovery agent, we need to update the Traceability agent configuration value to point to the API gateway, manager and central. For this example, we will modify the .yml file.

 

################### Beat Configuration #########################
traceability_agent:
inputs:
– type: log
paths:
– /opt/Axway/APIM/apigateway/events/group-2_instance-.log
include_lines: [‘.
“type”:”transaction”.“type”:”http”.‘]

Send output to Central Database

output.traceability:
pipelines: 0
enabled: true
hosts: “ingestion-lumberjack.datasearch.axway.com:453”
ssl:
enabled: true
verification_mode: none
agent:
central:
url: “https://apicentral.axway.com
deployment: “prod”
tenantID: “”
environment: “”
auth:
url: “https://login.axway.com/auth
realm: “Broker”
clientId: “”
privateKey: “path from step 1.6”
publicKey: “path from step 1.6”
keyPassword: “”
timeout: 10s
apigateway:
host: localhost
port: 8090
pollInterval: 1m
auth:
username: api gateway username
password: api gateway password
ssl:
insecureSkipVerify: true
apimanager:
proxyApicIDField: APIC_ID
host: localhost
port: 8075
apiVersion: 1.3
pollInterval: 1m
auth:
username:api manager admin username
password: api manager password
ssl:
insecureSkipVerify: true

logging:
metrics:
enabled: false

Send all logging output to stderr

to_stderr: false

Send all logging output to file

to_files: true
files:
path: logs
name: trace_logs.txt
keepfiles: 7
permissions: 0644

Set log level

level: info

 

  1. Values like tenantID can be found in the AMPLIFY Central platform -> Organization screen; clientId can be found in the service accounts; Traceability agent variables are well documented at the link. Refer to 2.4 to see screenshot.
  2. Once the YAML file is updated, start the Traceability agent. If the YAML file is in the same folder, then simply run ./traceability_agent script. Otherwise, you can pass the command-line flags which are documented here.
  3. The Traceability Agent parse through the files based on the event-file path and pattern provided. Depending on the data found, the agent pushes it to AMPLIFY Central.
  4. To see if the agent is working fine, go to AMPLIFY Central and open the API Observer tab. You will be able to see the monitoring data for the APIs discovered earlier. If you don’t see any data, then invoke a few different API methods in the exposed API.
  5. You can click on any of the transactions to see the details. It will show you the lifecycle of an API call such as time taken, request/response headers, etc.

This brings me to the end of my post.

We saw how easy and quick it is to expose your on-premise APIs in the Unified Catalog and make it consumption-ready for external partners/applications.

Please don’t hesitate to reach out to us if you need any help.