Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 1. Introduction to advanced operation of 3scale API Management APIcast API gateway
The introduction to advanced operation of 3scale APIcast will help you to adjust the configuration of access to your application programming interface (API).
1.1. Public base URL for calls to 3scale API Management APIs
The Public Base URL is the URL that your API consumers use to make requests to your API product, which is exposed publicly with 3scale. This will be the URL of your APIcast instance.
If you are using one of the Self-managed deployment options, you can choose your own Public Base URL for each of the environments provided (staging and production) on a domain name you are managing. This URL should be different from the one for your API backend, and could be something like https://api.yourdomain.com:443, where yourdomain.com is the domain that belongs to you. After setting the Public Base URL, make sure you save the changes and, if necessary, promote the changes in staging to production.
The Public Base URL that you specify must use a port that is available in your OpenShift cluster. By default, the OpenShift router listens for connections only on the standard HTTP and HTTPS ports (80 and 443). If you want users to connect to your API over some other port, work with your OpenShift administrator to enable the port.
APIcast accepts calls to only the hostname specified in the Public Base URL. For example, if you specify https://echo-api.3scale.net:443 as the Public Base URL, the correct call would be:
curl "https://echo-api.3scale.net:443/hello?user_key=you_user_key"
curl "https://echo-api.3scale.net:443/hello?user_key=you_user_key"In case you do not have a public domain for your API, you can use the APIcast IP address in the requests, but you still need to specify a value in the Public Base URL field even if the domain is not real. In this case, make sure you provide the host in the Host header. For example:
curl "http://192.0.2.12:80/hello?user_key=your_user_key" -H "Host: echo-api.3scale.net"
curl "http://192.0.2.12:80/hello?user_key=your_user_key" -H "Host: echo-api.3scale.net"
If you are deploying on a local machine, you can specify "localhost" as the domain, so the Public Base URL would look like http://localhost:80, and then you can make requests like this:
curl "http://localhost:80/hello?user_key=your_user_key"
curl "http://localhost:80/hello?user_key=your_user_key"If you have multiple API products, set the Public Base URL appropriately for each product. APIcast routes the requests based on the hostname.
1.2. How APIcast applies mapping rules for capturing usage of 3scale API Management APIs
Based on the requests to your API, mapping rules define the metrics or designate the methods for which you want to capture API usage. The following is an example of a mapping rule:
This rule means that any GET requests that start with / increment the metric hits by 1. This rule matches any request to your API. While this is a valid mapping rule, it is too generic and often leads to double counts if you add more specific mapping rules.
The following mapping rules for the Echo API show more specific examples:
Mapping rules work at the API product and API backend levels.
Mapping rules at the product level.
- The mapping rule takes precedence. This means that the product mapping rule is the first one to be evaluated.
- The mapping rule is always evaluated, independent of which backend receives the redirected traffic.
Mapping rules at the backend level.
- When you add mapping rules to a backend, these are added to all the products bundling said backend.
- The mapping rule is evaluated after the mapping rules defined at the product level.
- The mapping rule is evaluated only if the traffic is redirected to the same backend the mapping rule belongs to.
- The path of the backend for a product is automatically prepended to each mapping rule of the backend bundled to said product.
Example of mapping rules with products and backends
The following example shows mapping rules for a product with one backend.
The Echo API backend:
-
Has the private endpoint:
https://echo-api.3scale.net Contains 2 mapping rules with the following patterns:
/hello /bye
/hello /byeCopy to Clipboard Copied! Toggle word wrap Toggle overflow
-
Has the private endpoint:
The Cool API product:
-
Has this public endpoint:
https://cool.api -
Uses the Echo API backend with this routing path:
/echo.
-
Has this public endpoint:
Mapping rules with the following patterns are automatically part of the Cool API product:
/echo/hello /echo/bye
/echo/hello /echo/byeCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
This means that a request sent to the public URL
https://cool.api/echo/hellois redirected tohttps://echo-api.3scale.net/hello. -
Similarly, a request sent to
https://cool.api/echo/byeredirects tohttps://echo-api.3scale.net/bye.
-
This means that a request sent to the public URL
Now consider an additional product called Tools For Devs using the same Echo API backend.
The Tools For Devs product:
-
Has this public endpoint:
https://dev-tools.api -
Uses the Echo API backend with the following routing path:
/tellmeback.
-
Has this public endpoint:
Mapping rules with the following patterns are automatically part of the Tools For Devs product:
/tellmeback/hello /tellmeback/bye
/tellmeback/hello /tellmeback/byeCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
Therefore, a request sent to the public URL
https://dev-tools.api/tellmeback/hellois redirected tohttps://echo-api.3scale.net/hello. -
Similarly, a request sent to
https://dev-tools.api/tellmeback/byeredirects tohttps://echo-api.3scale.net/bye.
-
Therefore, a request sent to the public URL
If you add a mapping rule with the
/pingpattern to the Echo API backend, both products - Cool API and Tools For Devs- are affected:-
Cool API has a mapping rule with this pattern:
/echo/ping. -
Tools For Devs has a mapping rule with this pattern:
/tellmeback/ping.
-
Cool API has a mapping rule with this pattern:
Matching of mapping rules
3scale applies mapping rules based on prefixes. The notation follows the OpenAPI and ActiveDocs specifications:
-
A mapping rule must start with a forward slash (
/). Perform a match on the path over a literal string, which is a URL, for example,
/hello.- The mapping rule, once you have saved it, will cause requests to the URL string you have set and invoke metrics or methods you have defined around each mapping rule.
-
Mapping rules can include parameters on the query string or in the body, for example,
/{word}?value={value}). APIcast fetches the parameters in the following ways:
-
GETmethod: From the query string. -
POST,DELETE, orPUTmethod: From the body.
-
-
Mapping rules can contain named wildcards, for example,
/{word}. This rule matches anything in the placeholder{word}, which makes requests such as/morningmatch the mapping rule. Wildcards can appear between slashes or between a slash and a dot. Parameters can also include wildcards. -
By default, all mapping rules are evaluated from first to last, according to the sort order you specified. If you add a rule
/v1, it matches requests whose paths start with/v1, for example,/v1/wordor/v1/sentence. -
You can add a dollar sign (
$) to the end of a pattern to specify exact matching. For example,/v1/wordmatches only/v1/wordrequests, and does not match/v1/word/hellorequests. For exact matching, you must also ensure that the default mapping rule that matches everything (/) has been disabled. - More than one mapping rule can match the request path, but if none matches, the request is discarded with an HTTP 404 status code.
Mapping rules workflow
Mapping rules have the following workflow:
- You can define a new mapping rule at any time. See Defining mapping rules.
- Mapping rules are grayed out on the next reload to prevent accidental modifications.
- To edit an existing mapping rule, you must enable it first by clicking the pencil icon on the right.
- To delete a rule, click the trash icon.
- All modifications and deletions are saved when you promote the changes in Integration > Configuration.
Stop other mapping rules
To stop processing further mapping rules, select the option Last? when you create a new mapping rule, especially after processing one or more mapping rules. For example, if you have defined multiple mapping rules associated with different metrics in the API Integration Settings, such as:
(get) /path/to/example/search
(get) /path/to/example/{id}
(get) /path/to/example/search
(get) /path/to/example/{id}
The rule /path/to/example/search can be marked Last?, then when calling (get) /path/to/example/search, after matching this rule, APIcast stops processing and will not search for matches in the remaining rules, and the metric for the rule (get) /path/to/example/{id} will not be incremented.
1.3. How APIcast handles APIs that have custom requirements
There are special cases that require custom APIcast configuration so that API consumers can successfully call the API.
Host header
This option is only needed for those API products that reject traffic unless the Host header matches the expected one. In these cases, having a gateway in front of your API product causes problems because the Host is the one of the gateway, for example, xxx-yyy.staging.apicast.io.
To avoid this issue, you can define the host your API product expects in the Host Header field in the Authentication Settings: [Your_product_name] > Integration > Settings.
The result is that the hosted APIcast instance rewrites the host specification in the request call.
Protecting your API backend
After you have APIcast working in production, you might want to restrict direct access to your API product to only those calls that specify a secret token that you specify. Do this by setting the APIcast Secret Token. See Advanced APIcast configuration for information on how to set it up.
Using APIcast with private APIs
With APIcast, it is possible to protect the APIs that are not publicly accessible on the internet. The requirements that must be met are:
- Self-managed APIcast must be used as the deployment option.
- APIcast needs to be accessible from the public internet and be able to make outbound calls to the 3scale Service Management API.
The API product should be accessible by APIcast.
In this case, you can set your internal domain name or the IP address of your API in the Private Base URL field and follow the rest of the steps as usual. However, doing this means that you cannot take advantage of the staging environment. Test calls will not be successful because the staging APIcast instance is hosted by 3scale, which does not have access to your private API backend. After you deploy APIcast in your production environment, if the configuration is correct, APIcast works as expected.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}