Implementing Oracle API Gateway
tags :
Implementing Gateway on #
, ref Evernote: course certificate
Course Details #










to create API gateway


Caching #
- External caching can be configured using Redis or KeyDB ([[https://docs.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayresponsecaching.htm][ref]])
Creating API specs #
- Adding api specs

creating from APIs #
Three types of method to serve a route #

- Stock Response: hard-coded response
#
It is possible to add custom CA to the gateway
API Description #

Deployment specifications #

Query parameters #



Oracle integrations and API gateway #
for the automation.
Policies of API gateway #

Before the request reaches the backend servers, these policies validate the request:

Route level policies

Global policies #

Request policies #


Response policies #



Applying policies #
policy, request transformation and response caching policies can be applied.
Rate limit policy #


Authentication and Authorization #




#





Custom Authorizer function #
#



OCR of Images #
2023-10-31_11-17-09_screenshot.png #

Overview of API Gateway
- The API Gateway service enables you to create governed HTTP/S interfaces for other services, including Oracle Functions, Container Engine for Kubernetes, and Container Registry.
- API Gateway also provides policy enforcement such as authentication and rate limiting to HTTP/S endpoints.
- API GW is completely managed by Oracle, and customers don't need to worry about its manageability.
- Diagram labels: Monitoring, Rate Limiting, Routing, Security, Response Caching.
2023-10-31_11-21-43_screenshot.png #

Features of API Gateway
- API Designing and Deployment: Supports Open API 2.x and 3.x; Stock responses; Custom domains; CLI, API, Terraform, SDK; Client SDK generation
- Available Policies: JWT Validation; CORS; Rate limiting; Transformation of req/res; Request validation; Routing
- Logging and Monitoring: Built in metrics; Access logs; Execution logs; Supports logging analytics
- High Availability and performance: Response caching; Automatic failover; Highly available
2023-10-31_11-23-13_screenshot.png #

API GW Terminologies: API Gateway
- A virtual network appliance in a regional subnet.
- Can be public and private.
- Route inbound traffic to backend APIs such as Oracle Functions, SaaS API, public APIs, private APIs.
2023-10-31_11-24-23_screenshot.png #

API GW Terminologies: APIs
- APIs are the backend APIs.
- APIs can have different methods such as PUT, GET, POST, DELETE, PATCH.
- The APIs are deployed on the API Gateway.
2023-10-31_11-24-43_screenshot.png #

API GW Terminologies: API Deployment
- Backend APIs are bundled in an API Deployment to be deployed on API GW.
- Before the API gateway can handle requests to the API, you must create an API deployment.
2023-10-31_11-25-04_screenshot.png #

API GW Terminologies: API Deployment Specification
- An API deployment specification describes some aspects of an API deployment.
- Each API deployment specification describes one or more back-end resources, the route to each back-end resource, and the methods (for example, GET, PUT) that can be performed on each resource.
2023-10-31_11-26-55_screenshot.png #

API GW Terminologies: Front ends
- It can be public or private.
- If public, APIs are served over public IPs via the API GW.
- If private, APIs are served over private endpoints via the API GW.
2023-10-31_11-27-24_screenshot.png #

Back ends
- The actual APIs that serve the request.
- It can be third-party backends, OCI backends, SaaS backends.
2023-10-31_11-27-34_screenshot.png #

Routes
- A route is the mapping between a path, one or more methods, and a back-end service.
- Routes are defined in API deployment specifications.
2023-10-31_11-28-03_screenshot.png #

Policies
- API GW has various request and response policies which can be applied at request as well as response.
- Policies can be added to an API deployment specification that apply globally to all routes in the API deployment specification, as well as policies that apply only to particular routes.
2023-10-31_11-29-19_screenshot.png #

Workflow to create API GW
- 1. Create Groups and Users
- 2. Create Compartment
- 3. Create VCN and Subnets
- 4. Create API GW
- Create IAM Policies
2023-10-31_11-31-37_screenshot.png #

Pre-requisites to set up API GW
- An Oracle Cloud tenancy.
- Privileges to create resources in OCI.
- VCN and Subnet.
- Sufficient quota to create API GW.
2023-10-31_11-42-08_screenshot.png #

Console screenshot: Create API dialog (API Gateway, APIs in TestCompartment). Fields: NAME (TestAPI), COMPARTMENT (TestCompartment), UPLOAD API DESCRIPTION FILE (Swagger, OpenAPI 3.x specification; JSON or YAML format). Buttons: Create API, Cancel.
2023-10-31_11-53-18_screenshot.png #

Console screenshot: Create Deployment, Routes step (Basic Information, Routes, Review).
- Route 1: PATH /emp
- Backend type options: HTTP, Oracle Functions, Stock Response (the Stock Response backend is shown)
- STATUS CODE: 200
- BODY (optional): {"name":"xyz"}
- HEADER NAME (optional), HEADER VALUE (optional)
2023-10-31_11-56-57_screenshot.png #

Create API resource using API Description
- The API resource has an API description that describes the API.
- If you use an API resource to deploy an API on an API gateway, its API description pre-populates some of the properties of the API deployment specification.
- We import the API description from a file (referred to as API specification/Spec) created either in OpenAPI (erstwhile Swagger Specification) Specification version 2.0 or version 3.0.
- The API resource in the API Gateway service is optional.
2023-10-31_12-04-05_screenshot.png #

Create API deployment specification
- An API deployment specification describes a set of resources (/employee, /order), and the HTTP verbs (GET, POST, etc.) that can be performed on each resource.
2023-10-31_12-10-53_screenshot.png #

Fetch query parameter
- Backend API: https://restcountries.com/v3.1/all
- Route: /service
- URL: https://restcountries.com/v3.1/${request.query[name]}
- Test URL: https://<gateway url>/service?name=all
2023-10-31_12-11-44_screenshot.png #

Fetch single path parameter
- Backend API: https://restcountries.com/v3.1/alpha/{code}
- Route: /service/{code}
- URL: https://restcountries.com/v3.1/alpha/${request.path[code]}
- Test URL: https://<gateway url>/service/alpha/pe
2023-10-31_12-12-58_screenshot.png #

Fetch multiple path parameter
- Backend API-1: https://restcountries.com/v3.1/currency/{code}
- Backend API-2: https://restcountries.com/v3.1/name/{name}
- Route: /service/{servicename}/{param}
- URL: https://restcountries.com/v3.1/${request.path[servicename]}/${request.path[param]}
- Test URL-1: https://<gateway url>/service/currency/es
- Test URL-2: https://<gateway url>/service/name/india
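
The route-to-backend mapping in the three slides above, as an added Python example (not from the course or from Oracle, and not the gateway's own implementation). It resolves `${request.path[...]}` and `${request.query[...]}` in a backend URL template and, as an assumption of this sketch, percent-encodes each client-supplied value and rejects dot segments so a parameter cannot rewrite the backend path.

```python
import re
from urllib.parse import quote

# Matches the context-variable syntax used in the backend URL templates.
VAR = re.compile(r"\$\{request\.(path|query)\[([A-Za-z0-9_]+)\]\}")


def match_route(route, path):
    """Match a route such as /service/{servicename}/{param} against a
    request path. Returns the path parameters, or None if it does not match."""
    route_parts = route.strip("/").split("/")
    path_parts = path.strip("/").split("/")
    if len(route_parts) != len(path_parts):
        return None
    params = {}
    for r, p in zip(route_parts, path_parts):
        if r.startswith("{") and r.endswith("}"):
            if not p:
                return None          # empty segment cannot fill a parameter
            params[r[1:-1]] = p
        elif r != p:
            return None              # literal segment mismatch
    return params


def backend_url(template, path_params, query_params):
    """Substitute request values into the backend URL template."""
    def substitute(match):
        source = path_params if match.group(1) == "path" else query_params
        name = match.group(2)
        if name not in source:
            raise KeyError(f"request has no {match.group(1)} parameter {name!r}")
        value = source[name]
        # Dot segments survive percent-encoding, so refuse them outright.
        if value in (".", ".."):
            raise ValueError(f"dot segment in parameter {name!r}")
        # safe="" also encodes '/', '?' and '#', keeping the value inside
        # the single URL segment the template reserved for it.
        return quote(value, safe="")
    return VAR.sub(substitute, template)


if __name__ == "__main__":
    template = ("https://restcountries.com/v3.1/"
                "${request.path[servicename]}/${request.path[param]}")
    params = match_route("/service/{servicename}/{param}", "/service/name/india")
    print(backend_url(template, params, {}))
```
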
2023-10-31_12-17-54_screenshot.png #

Integration between Oracle Integration and API GW
- Oracle allows a seamless integration between Oracle Integration and API GW to manage/configure all the REST-based integrations via API GW.
- After activating a REST-based integration in Oracle Integration, you can publish the OpenAPI specification and deploy the endpoint to Oracle API Gateway.
- The benefit of this integration is that it removes the manual work of adding the REST-based integration to API GW.
2023-10-31_12-42-38_screenshot.png #

Agenda
- Request and Response Policies
- Global Policies
- Request Policies
- Request Policies validation mode
- Response Policies
- Response Caching
2023-10-31_14-19-38_screenshot.png #

Request and Response Policies
- Request and response policies are defined while defining the API deployment specification, and they control the behaviour of the API deployment.
- The policies can be applied at request and response levels.
- The benefit of policies is that we can prevent unnecessary load on the backend APIs by only sending valid requests; invalid requests can be terminated at the API gateway level.
- Request policies are applied on an incoming request from an API client before it is sent to a back end.
- Response policies are applied on a response returned from a back end before it is sent to an API client.
2023-10-31_14-20-45_screenshot.png #

Request and Response Policies cont.
Request and response policies include:
- Limit the request
- Cross Origin Resource Sharing (CORS)
- Authentication and Authorization
- Validate request
- Transform request
- Transform response
- Cache the response
2023-10-31_14-22-02_screenshot.png #

Global Policies
Applied to all the routes in the API deployment specification.
- 1. Mutual TLS: Control access to APIs you deploy to API gateways based on the TLS certificate presented by the API client making a request.
- 2. Authentication: Control access to APIs you deploy to API gateways based on the end user sending a request, and define what it is that they are allowed to do.
- 3. CORS: Enable CORS support in the APIs you deploy to API gateways.
- 4. Rate Limiting: Limit the rate at which API clients can make requests to back-end services.
Console screenshot (Edit Deployment, API Request Policies): Mutual-TLS (ENABLE MTLS), Authentication, CORS, Rate Limiting.
2023-10-31_14-23-10_screenshot.png #

Request Policies
- 1. CORS
- 2. Header Validations
- 3. Query Parameter Validations
- 4. Body Validation
- 5. Header Transformation
- 6. Query Parameter Transformation
Console screenshot (Edit Deployment, Route Request Policies): CORS, Header Validations, Query Parameter Validations, Body Validation, Header Transformations, Query Parameter Transformations.
2023-10-31_14-23-22_screenshot.png #

Request Policies validation mode
- 1. Enforcing: Validates all the requests against the validation policy. The request is sent to the backend API only if validation passes. API GW throws a 4xx response code in case validation fails.
- 2. Permissive: Validates all the requests against the validation policy. The request is sent to the backend API even if validation fails. It is used to observe the behavior against the traffic, before blocking API calls.
- 3. Disabled: Doesn't validate the requests against the validation policy. All the requests are sent to the backend API.
2023-10-31_14-27-15_screenshot.png #

Response Caching
- The major challenge the API client faces is performance issues due to the overburden on the backend APIs. Often, when the response doesn't come back, the user tries to load/hit the page until they receive the response.
- Caching the response can help to improve the performance and reduce the unnecessary load on back-end services. Response caching can also save costs, as the request can be served from the caching server without sending the request to the backend API.
- The mechanism of the cache is to save the responses to requests and re-use them later if needed.
2023-10-31_14-28-13_screenshot.png #

Response Caching Cont.
The API Gateway server can be integrated with an external cache server such as a Redis or KeyDB server. You can configure API gateways managed by the API Gateway service to:
- Store data in the cache server that has been returned by a back-end service in response to an original request.
- Retrieve previously stored data from the cache server in response to a later request that is similar to the original request, without sending the later request to the back-end service.
2023-10-31_14-29-06_screenshot.png #

Response Caching Cont.
Response caching can be enabled at:
- 1. API Gateway level
- 2. Route level
2023-10-31_15-14-44_screenshot.png #

Rate Limit Policy
Used to limit the rate at which API clients can make requests to back-end services. For example:
- Maintain high availability
- Prevent denial-of-service attacks
- Constrain costs of resource consumption
- Restrict usage of APIs by your customers' users in order to monetize APIs
2023-10-31_15-16-56_screenshot.png #

Console screenshot (Edit Deployment, Rate Limiting Policy; region India South (Hyderabad)): NUMBER OF REQUESTS PER SECOND: 1000. Rate key options: Total, Per client (IP).
2023-10-31_15-31-53_screenshot.png #

Authentication and Authorization to API Deployment
API Gateway allows you to control access to the APIs deployed on the gateway and to control what users are allowed to do. In general, the APIs we deploy will typically include:
- Authentication: Identify whether the user is valid or not.
- Authorization: Identify whether the user has appropriate access to call the APIs.
2023-10-31_15-32-36_screenshot.png #

Authentication and Authorization to API Deployment cont.
API Gateway supports the following authentication and authorization policies:
- 1. Custom (Authorizer Function)
- 2. JWT (JSON Web Tokens)
2023-10-31_15-33-32_screenshot.png #

Custom (Authorizer Function) Authentication Type
We can control access to APIs deployed to API gateways using an authorizer function. We can add authentication and authorization functionality to API gateways by writing an authorizer function that:
- Processes request attributes to verify the identity of an end user with an identity provider.
- Determines the operations that the end user is allowed to perform.
- Returns the operations the end user is allowed to perform as a list of access scopes.
You can write the authorizer function in any language (Java, Python, Node, Go, and Ruby) and deploy it to Oracle Functions.
2023-10-31_15-34-21_screenshot.png #

JWT (JSON Web Tokens) Authentication type
- A JWT is a JSON-based access token sent in an HTTP request by the API client to a resource.
- JWTs are issued by identity providers (for example, Oracle Identity Cloud Service (IDCS), Auth0, Okta).
- When an API client attempts to access a protected resource, it must include a JWT.
- The resource validates the JWT with an authorization server using a corresponding public verification key, either by invoking a validation end-point on the authorization server or by using a local verification key provided by the authorization server.
2023-10-31_16-17-53_screenshot.png #

Agenda
- Adding a confidential application
- Applying the JWT authentication
- Applying authorization
- Generating the access token
- Testing the APIs
2023-10-31_15-35-06_screenshot.png #

JWT (JSON Web Tokens) cont.
A JWT comprises three parts:
- Header: Identifies the type of token and the cryptographic algorithm used to generate the signature.
- Payload: Contains claims about the end user's identity, and the properties of the JWT itself. It includes information in key-value pairs such as: Expiration time (exp), Audience (aud), Issuer (iss), Issued At (iat).
- Signature: Validates the authenticity of the JWT.
2023-10-31_15-36-00_screenshot.png #

Authorization types
Authorization determines what users are allowed to do. Authorization is applied at the route level. There are three types of authorization:
- Any: Grant access to end users that have been successfully authenticated:
  - Authorizer function: provided the authorizer function has also returned one of the access scopes.
  - JWT: provided the JWT has a scope claim that includes at least one of the access scopes.
- Anonymous: Grant access to all end users, even if they have not been successfully authenticated by the authorizer function or JWT.
- Authentication only: Only grant access to end users that have been successfully authenticated by the authorizer function or JWT.
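
The JWT structure (header, payload with exp/aud/iss/iat, signature) and the three route-level authorization types described above, as an added Python example that is not from the course or from Oracle. It assumes HS256 with a shared secret so that it runs on the standard library alone, whereas the setup described here verifies with the identity provider's public verification key; the key, issuer, audience, scope names and the labels `any`, `anonymous` and `authentication_only` are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values, not taken from the page or from a real tenancy.
KEY = b"constructed-demo-key"
ISSUER = "https://idp.example.test/"
AUDIENCE = "https://gateway.example.test/"


class TokenError(Exception):
    """Raised when a token fails any validation step."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims, key=KEY, alg="HS256"):
    """Stand-in for the identity provider: build header.payload.signature."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token, now=None, key=KEY):
    """Return the claims if signature, exp, iss and aud all check out."""
    now = time.time() if now is None else now
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        raise TokenError("expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:
        raise TokenError("malformed token segment") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("header and payload must be JSON objects")
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise TokenError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("expired or missing exp")
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")
    return claims


def authorize(route_type, token, allowed_scopes=(), now=None):
    """Apply one of the three route-level authorization types.
    Returns (allowed, reason)."""
    if route_type == "anonymous":
        return True, "anonymous route"
    if route_type not in ("authentication_only", "any"):
        return False, "unknown authorization type"
    try:
        claims = verify_token(token, now=now)
    except TokenError as exc:
        return False, str(exc)
    if route_type == "authentication_only":
        return True, "authenticated"
    # "any": the scope claim must include at least one allowed scope.
    scope = claims.get("scope", "")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    if granted & set(allowed_scopes):
        return True, "scope matched"
    return False, "no matching scope"
```
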
2023-10-31_15-37-26_screenshot.png #

Agenda
- Adding a confidential application
- Applying the JWT authentication
- Applying authorization
- Generating the access token
- Testing the APIs
2023-10-31_15-39-03_screenshot.png #

Console screenshot (Identity > Domains > Default domain > Integrated applications, Add application dialog; region Saudi Arabia West (Jeddah)). Application types offered: Application Catalog, SAML Application, Mobile Application, Confidential Application, Enterprise Application.
2023-10-31_16-02-59_screenshot.png #

Insights into the Logging
- APIs are the heart of digital transformation, hence the APIs become critical to run the business smoothly. Keeping them operational and performing needs understanding and insight into the infrastructure supporting them.
- There are occasions when you'll need to see more detail about the flow of traffic into and out of the API gateway. For example, you might want to review responses returned to API clients, or to troubleshoot errors.
- You can specify that the API Gateway service stores information about requests and responses going through an API gateway, and information about processing within an API gateway, as logs in the Oracle Cloud Infrastructure Logging service.
2023-10-31_16-05-40_screenshot.png #

API GW logging cont.
Execution logs support three log levels:
- Information: Contains a summary of every processing stage.
- Warning: Contains the summary of transient errors that occurred during processing. For example: connection timeout.
- Error: Contains the summary of persistent errors that occurred during processing. For example: 404 error.
2023-10-31_16-07-41_screenshot.png #

OCI Logging Analytics
- OCI Logging Analytics provides multiple ways of gaining operational insights from the API GW logs.
- You can use the Log Explorer UI to search and explore log information and aggregate it into dashboards.
- Log Analytics has Oracle prebuilt parsers and a source for API Gateway.
- Currently, API Gateway logs can be automatically ingested using Object Storage buckets.
- You can also stream API Gateway logs to Object Storage using the Service Connector Hub.
OCR of Images #
2023-10-31_11-17-09_screenshot.png #

Overview of API Gateway Tr Techsuppe The API Gateway service enables you to create governed HTTP/S interfaces for other services, including Oracle Functions, Container Engine for Kubernetes, and Container Registry. Monitoring Rate Limiting Routing API Gateway also provides policy enforcement such as authentication and rate-limiting to HTTP/S endpoints. Security API GW Response Caching API GW is completely managed by Oracle and customer don't need to worry about it's manageability.
2023-10-31_11-21-43_screenshot.png #

Features of API Gateway Tr TechSup API Designing and Deployment Available Policies Supports Open API 2.x and 3.x Stock responses Custom domains CLI, API, Terraform, SDK Client SDK generation JWT Validation CORS Rate limiting Transformation of req/res Request validation Routing Logging and Monitoring High Availability and performance Built in metrics Access logs Execution logs Response caching Automatic failover Highly available Supports logging analytics
2023-10-31_11-23-13_screenshot.png #

API GW Terminologies Cont. Tr Techsupp API Gateway A virtual network appliance in a regional subnet. Can be public and private. Route inbound traffic to backend APIS such as Oracle functions, Saas API, public APIs, private APIs.
2023-10-31_11-24-23_screenshot.png #

API GW Terminologies Cont. r - Techsuppe APIS APls are the backend APIS APls can have different methods such as PUT, GET, POST, DELETE, PATCH. The APIS are deployed on the API Gateway
2023-10-31_11-24-43_screenshot.png #

- API GW Terminologies Cont. - Techsupper API Deployment Backend APIs are bundled in API Deployment to be deployed on API GW. Before the API gateway can handle requests to the API, you must create an API deployment.
2023-10-31_11-25-04_screenshot.png #

API GW Terminologies Cont. - Techsuppe API Deployment Specification API deployment specification describes some aspects of an API deployment. Each API deployment specification describes one or more back-end resources, the route to each back-end resource, and the methods (for example, GET, PUT) that can be performed on each resource.
2023-10-31_11-26-55_screenshot.png #

API GW Terminologies Cont. - I Techsupi Front ends It can be public or private. If Public, APIS are served over public IPs via the API GW If Private, APIS are served over private endpoints via the API GW
2023-10-31_11-27-24_screenshot.png #

Back ends The actual APls that serves the request. It can be third party backends, OCI backends, Saas backends.
2023-10-31_11-27-34_screenshot.png #

Routes A route is the mapping between a path, one or more methods, and a back-end service. Routes are defined in API deployment specifications
2023-10-31_11-28-03_screenshot.png #

Policies API GW has various request and response policies which can be applied at request as well as response. Policies can be added to an API deployment specification that apply globally to all routes in the API deployment specification, as well as policies that apply only to particular routes.
2023-10-31_11-29-19_screenshot.png #

Workflow to create API GW r Techsupp 1. 2. 3. Create Groups and Users Create Create VCN and Compartment Subnets 4. Create API GW Create IAM Policies
2023-10-31_11-31-37_screenshot.png #

Pre-requisites to setup APIC GW I - A Oracle cloud tenancy. Privileges to create resources in OCI VCN and Subnet Sufficient quota to create API GW
2023-10-31_11-42-08_screenshot.png #

Create API API Gateway APIs in TestCo NAME TestAPI Gateways APIs Certificates Create API I Name COMPARTMENT TestCompartment techsuppercloud (root TestCompartment List Scope COMPARTMENT TestCompartment techsuppercloud foot/RestiCompartment UPLI OAD API DESCRIPTION FILE (SWAGGER, OPENAPI 3.X SPECIFICATION) Drop a file. Browse, JSON or YAML format o Show Advanced Options Fiters STATE Any state Tag Filters add I clear : a - no tag hiters applied Create API Cancel
2023-10-31_11-53-18_screenshot.png #

vicalel Depicymlent Basic Information Routes Review Route 1 PATH /emp METHODS Select backend type HTTR, Oracle Functions V Stock Response - - - Specifies the type of the backend service. Learnmore about the Stock Response backend. STATUS CODE 200 BODY OPTIONAL ("name":"xyz") HEADER NAME OPTIONAL HEADER VALUE OPTIONAL Previous Next Cancel
2023-10-31_11-56-57_screenshot.png #

€ Create API resource using API Description Tr TechSupper The API resource has an API description that describes Create API the API. API Gateway NAME Gateways APIs Ifyou use an API resource to deploy an API on an API OMPARTMENT TestCompartment prootin Comp tment gateway, its API description pre-populates some of the Certificates properties of the API deployment specification. List Scope COMPARTMENT TestCompartment UPLOAD API ESCRIR Pr TION FILE (SWAGGER OPENAPI ax C I IFICATION € Drop a file. Browse, JSON YAME We import the API description from a file (referred as API specification/Spec) created either in OpenAPI (erstwhile Swagger Specification) Specification version 2.0 or version 3.0. API resource in the API Gateway service is optional.
2023-10-31_12-04-05_screenshot.png #

€ Create API deployment specification Tr Techsupper API deployment specification describes a set ARG of resources /employee, /order), and the TestGW HTTP verbs (GET, POST, etc.) that can be - performed on each resource Deployments k
2023-10-31_12-10-53_screenshot.png #

Fetch query parameter T Techs Backend API: httpss/restcountries.com/va.1/All Route: /service URL: htps/restcountries.com/a1/Sicequest.query/namel) Test URL: https://sgateway url> - /service?name-all
2023-10-31_12-11-44_screenshot.png #

Fetch single path parameter Tr Te Backend API: https://restcountries.com/ /3.1/alpha/(code) Route: /service/(code) URL: https://restcountries.com/v3.1/alpha/Sirequest.path/codel) k Test URL: https://sgateway urb/service/alpha/pe
2023-10-31_12-12-58_screenshot.png #

Fetch multiple path parameter Tr Techsupp Backend API-1: htps/estcountries.com/as/eumens/ede) Backend API-2: https://restcountries.com/V8.1/name/iname) Route: /service/(servicenamel/(param) URL: https://restcountries.com/V3.1/Sirequest.pathlservicenamely/S(request.pat h/param]) Test URL-1: https://sgateway urb/service/urrensy/es Test URL-2: https://sgateway. urb/service/name/india
2023-10-31_12-17-54_screenshot.png #

Integration between Oracle Integration and API GW Tr TechSup % Oracle allows a seamless integration between Oracle Integration and API GW to manage/configure all the REST based integration via API GW. % After activating a REST based integration in Oracle Integration, you can publish the open API specification and deploy the endpoint to Oracle API Gateway. C Benefits of this integration is to remove the manual work to add the REST based integration to API GW.
2023-10-31_12-42-38_screenshot.png #

Agenda - Request and Response Policies Global Policies Request Policies Request Policies validation mode Response Policies Response Caching
2023-10-31_14-19-38_screenshot.png #

Request and Response Policies Tr Techsup Request and Response policies are defined while defining the API deployment specification which control the behaviour of API deployment. The policies can be applied at request and response levels. The benefits of policies is that we can prevent unnecessary load to the backend APIS by only sending valid requests and invalid requests can be terminated at API gateway level. The request policies are applied on an incoming request from an API client before it is sent to a back end. A response policies are applied on a response returned from a back end before it is sent to an API client.
2023-10-31_14-20-45_screenshot.png #

Request and Response Policies cont. Request and Response policies includes: Limit the request Cross Origin Resource Sharing (CORS) Authentication and Authorization Validate request Transform request Transform response Cache the response
2023-10-31_14-22-02_screenshot.png #

€ Global Policies rechsupper Applied to all the routes in the API deployment specification. Edit Deployment Basic Information Boutes Bevisn API Request Policies 1. Mutual TLS: Control access to APIs you deploy to API gateways based on the TLS certificate presented by Mutual-TLS Requires client to provide TLS certificate ENABLE MTLS the API client making a request. Authentication Configures authentication 2. Authentication: Control access to APIs you deploy to API gateways based on the end user sending a request, and define what it is that they are allowed to do. Add CORS Configures CORS access Add 3. CORS: Enable CORS support in the APIs you deploy to Rate Limiting Configures rate limiting API gateways. Add 4. Rate Limiting: Limit the rate at which API clients can make requests to back-end services.
2023-10-31_14-23-10_screenshot.png #

Request Policies Techsuppe Edit Deployment 1. CORS Banc Intormation Routes n Route Requenu Poice CORS Contigures CORS acces - 2. Header Validations 3. Query Parameter Validations Add 4. Body validation Header Validations Configures header valdations 5. Header Transformation Aad Query Parameter Validations Configured query parameter vak ons 6. Query Parameter Transformation a Body Validation Configures body vatiomtion Aad Header Transformations Contigures neader anstomations Add Query Parameter Transformations Confiqures query parameter
2023-10-31_14-23-22_screenshot.png #

Request Policies validation mode Techsupp 1. 2. 3. Enforcing Permissive Disabled Validates all the requests against the validation policy. Request sent to backend API only if validation passes. API GW throw 4xx response code in case validation fails. Validate all the requests against the validation policy. Request sent to backend API even if validation fails. Doesn't validate the requests against the validation policy. All the request send to the backend API. Iti is used to observe the behavior against the traffic, before blocking API calls.
2023-10-31_14-27-15_screenshot.png #

Response Caching Tr Techsupp % The major challenge the API client faces is the performance issues due to the overburden on the backend APIs. And often when the response doesn't come back user tries to load/hit the page until they receive the response. % Caching the response can help to improve the performance and reduce the unnecessary load on back-end services. Response Caching can also save costs as the request can be served from the caching server without sending the request to backend API. & The mechanism of cache is to save the response to requests and re-use later if needed.
2023-10-31_14-28-13_screenshot.png #

€ Response Caching Cont. Tr Techsupper X The API Gateway server can be integrated with an external cache server such as Redis or KeyDB server. You can configure API gateways managed by the API Gateway service to: Store data in the cache server that has been returned by a back-end > service in response to an original request. Retrieve previously stored data from the cache server in response to a later request that is similar to the original request, without sending the later request to the back-end service.
2023-10-31_14-29-06_screenshot.png #

Response Caching Cont. Response caching can be enabled at: 1. API Gateway level 2. Route level
2023-10-31_15-14-44_screenshot.png #

Rate Limit Policy Tr Te Used to limit the rate at which API clients can make requests to back-end services. For example: Maintain high availability Prevent denial-of-service attacks Constrain costs of resource consumption Restrict usage of APIs by your customers' users in order to monetize APIS
2023-10-31_15-16-56_screenshot.png #

ORACLE Cloud Search for resources, services, and documentation India South (Hyderabad) V Edit Deployment Rate Limiting Policy Help nequires CmeriL LU proviue ILO curuncate ENABLE MTLS NUMBER OF REQUESTS PER SECOND 1000 Select rate key Total Per cliens (IP) Basic Information Routes Review Authentication Configures authentication CORS Configures CORS access Rate Limiting Configures rate limiting Support : API Logging Policies Next Cancel
2023-10-31_15-31-53_screenshot.png #

Authentication and Authorization to API Deployment I - - Techs API Gateways allows to control the access to the APIs deployed on the Gateway and contr what are allowed to do. In General, the APIS we deploy, we'll typically include: Authentication Authorization Identify the user is valid or not. Identify the user has appropriate access to call the APIs.
2023-10-31_15-32-36_screenshot.png #

Authentication and Authorization to API Deployment cont. API Gateway supports the following authentication and authorization policies: 1. Custom (Authorizer Function) 2. JWT (JSON Web Tokens)
2023-10-31_15-33-32_screenshot.png #

Custom (Authorizer Function) Authentication Type
We can control access to APIs we deploy to API gateways using an authorizer function. We can add authentication and authorization functionality to API gateways by writing an authorizer function that:
- Processes request attributes to verify the identity of an end user with an identity provider.
- Determines the operations that the end user is allowed to perform.
- Returns the operations the end user is allowed to perform as a list of access scopes.
You can write the authorizer function in any language (Java, Python, Node, Go, and Ruby) and deploy it to Oracle Functions.
2023-10-31_15-34-21_screenshot.png #

JWT (JSON Web Tokens) Authentication Type
A JWT is a JSON-based access token sent in an HTTP request by the API client to a resource. JWTs are issued by identity providers (for example, Oracle Identity Cloud Service (IDCS), Auth0, Okta). When an API client attempts to access a protected resource, it must include a JWT. The resource validates the JWT with an authorization server using a corresponding public verification key, either by invoking a validation end-point on the authorization server or by using a local verification key provided by the authorization server.
2023-10-31_16-17-53_screenshot.png #

Agenda
- Adding a confidential application
- Applying the JWT authentication
- Applying authorization
- Generating the access token
- Testing the APIs
2023-10-31_15-35-06_screenshot.png #

JWT (JSON Web Tokens) (cont.)
A JWT comprises three parts:
- Header: Identifies the type of token and the cryptographic algorithm used to generate the signature.
- Payload: Contains claims about the end user's identity and the properties of the JWT itself. It includes information in key-value pairs such as Expiration time (exp), Audience (aud), Issuer (iss) and Issued At (iat).
- Signature: Validates the authenticity of the JWT.
2023-10-31_15-36-00_screenshot.png #

Authorization types
Authorization defines what users are allowed to do. It is applied at the route level. There are three types of authorization:
- Any: Only grant access to end users that have been successfully authenticated, provided the authorizer function has also returned one of the access scopes (authorizer function), or provided the JWT has a scope claim that includes at least one of the access scopes (JWT).
- Anonymous: Grant access to all end users, even if they have not been successfully authenticated by the authorizer function or JWT.
- Authentication only: Only grant access to end users that have been successfully authenticated by the authorizer function or JWT.
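The JWT slides and the three authorization types above fit together as one decision: validate the token's signature and claims first, then apply the route's authorization type. The following is an added example, not the gateway's code and not part of the course material. It signs with HS256 and a shared secret so it runs with the standard library only, whereas the slides describe verification with the identity provider's public key; the issuer, audience, secret, the space-separated `scope` claim and the route dictionaries are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for this example only (hypothetical issuer, audience, key).
SECRET = b"constructed-demo-key"
ISSUER = "https://idp.example.com"
AUDIENCE = "https://gateway.example.com/"


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def make_token(claims, secret=SECRET, alg="HS256"):
    """Play the identity provider: build header.payload.signature."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signature = sign(f"{header}.{payload}", secret)
    return f"{header}.{payload}.{b64url_encode(signature)}"


def validate_jwt(token, now):
    """Return the claims of an authentic, unexpired token, otherwise None."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the token must not choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{payload_b64}", SECRET)
        if not hmac.compare_digest(b64url_decode(signature_b64), expected):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or past expiration time
    if claims.get("iss") != ISSUER:
        return None
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return None
    return claims


def authorize(route, claims):
    """Apply a route's authorization type; claims is None if authentication failed."""
    kind = route["type"]
    if kind == "anonymous":
        return True
    if claims is None:
        return False
    if kind == "authentication_only":
        return True
    if kind == "any":
        granted = set(str(claims.get("scope", "")).split())
        return bool(granted & set(route["allowed_scopes"]))
    return False  # unknown authorization types fail closed


def decide(route, token, now):
    return authorize(route, validate_jwt(token, now))


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the run is repeatable
    token = make_token({"iss": ISSUER, "aud": AUDIENCE, "exp": now + 300,
                        "iat": now, "scope": "emp.read"})
    print(decide({"type": "any", "allowed_scopes": ["emp.read"]}, token, now))
    print(decide({"type": "any", "allowed_scopes": ["emp.write"]}, token, now))
```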
2023-10-31_15-37-26_screenshot.png #

Agenda
- Adding a confidential application
- Applying the JWT authentication
- Applying authorization
- Generating the access token
- Testing the APIs
2023-10-31_15-39-03_screenshot.png #

[Screenshot: OCI Console, Identity > Domains > Default domain > Integrated applications, "Add application" dialog. Options: Application Catalog, SAML Application, Mobile Application, Confidential Application, Enterprise Application.]
2023-10-31_16-02-59_screenshot.png #

Insights into the Logging
APIs are the heart of digital transformation, so they are critical to running the business smoothly. Keeping them operational and performing needs understanding and insight into the infrastructure supporting them. There are occasions when you'll need to see more detail about the flow of traffic into and out of the API gateway. For example, you might want to review responses returned to API clients, or to troubleshoot errors. You can specify that the API Gateway service stores information about requests and responses going through an API gateway, and information about processing within an API gateway, as logs in the Oracle Cloud Infrastructure Logging service.
2023-10-31_16-05-40_screenshot.png #

API GW logging (cont.)
Execution logs support three log levels:
- Information: Contains a summary of every processing stage.
- Warning: Contains the summary of transient errors that occurred during processing. For example: connection timeout.
- Error: Contains the summary of persistent errors that occurred during processing. For example: 404 error.
2023-10-31_16-07-41_screenshot.png #

OCI Logging Analytics
OCI Logging Analytics provides multiple ways of gaining operational insights from the API GW logs. You can use the Log Explorer UI to search and explore log information and aggregate it into dashboards. Log Analytics has Oracle prebuilt parsers and source for API Gateway. Currently, API Gateway logs can be automatically ingested using Object Storage buckets. You can also stream API Gateway logs to Object Storage using the Service Connector Hub.
OCR of Images #
2023-10-31_11-17-09_screenshot.png #

Overview of API Gateway Tr Techsuppe The API Gateway service enables you to create governed HTTP/S interfaces for other services, including Oracle Functions, Container Engine for Kubernetes, and Container Registry. Monitoring Rate Limiting Routing API Gateway also provides policy enforcement such as authentication and rate-limiting to HTTP/S endpoints. Security API GW Response Caching API GW is completely managed by Oracle and customer don't need to worry about it's manageability.
2023-10-31_11-21-43_screenshot.png #

Features of API Gateway Tr TechSup API Designing and Deployment Available Policies Supports Open API 2.x and 3.x Stock responses Custom domains CLI, API, Terraform, SDK Client SDK generation JWT Validation CORS Rate limiting Transformation of req/res Request validation Routing Logging and Monitoring High Availability and performance Built in metrics Access logs Execution logs Response caching Automatic failover Highly available Supports logging analytics
2023-10-31_11-23-13_screenshot.png #

API GW Terminologies Cont. Tr Techsupp API Gateway A virtual network appliance in a regional subnet. Can be public and private. Route inbound traffic to backend APIS such as Oracle functions, Saas API, public APIs, private APIs.
2023-10-31_11-24-23_screenshot.png #

API GW Terminologies Cont. r - Techsuppe APIS APls are the backend APIS APls can have different methods such as PUT, GET, POST, DELETE, PATCH. The APIS are deployed on the API Gateway
2023-10-31_11-24-43_screenshot.png #

- API GW Terminologies Cont. - Techsupper API Deployment Backend APIs are bundled in API Deployment to be deployed on API GW. Before the API gateway can handle requests to the API, you must create an API deployment.
2023-10-31_11-25-04_screenshot.png #

API GW Terminologies Cont. - Techsuppe API Deployment Specification API deployment specification describes some aspects of an API deployment. Each API deployment specification describes one or more back-end resources, the route to each back-end resource, and the methods (for example, GET, PUT) that can be performed on each resource.
2023-10-31_11-26-55_screenshot.png #

API GW Terminologies Cont. - I Techsupi Front ends It can be public or private. If Public, APIS are served over public IPs via the API GW If Private, APIS are served over private endpoints via the API GW
2023-10-31_11-27-24_screenshot.png #

Back ends The actual APls that serves the request. It can be third party backends, OCI backends, Saas backends.
2023-10-31_11-27-34_screenshot.png #

Routes A route is the mapping between a path, one or more methods, and a back-end service. Routes are defined in API deployment specifications
2023-10-31_11-28-03_screenshot.png #

Policies API GW has various request and response policies which can be applied at request as well as response. Policies can be added to an API deployment specification that apply globally to all routes in the API deployment specification, as well as policies that apply only to particular routes.
2023-10-31_11-29-19_screenshot.png #

Workflow to create API GW r Techsupp 1. 2. 3. Create Groups and Users Create Create VCN and Compartment Subnets 4. Create API GW Create IAM Policies
2023-10-31_11-31-37_screenshot.png #

Pre-requisites to setup APIC GW I - A Oracle cloud tenancy. Privileges to create resources in OCI VCN and Subnet Sufficient quota to create API GW
2023-10-31_11-42-08_screenshot.png #

Create API API Gateway APIs in TestCo NAME TestAPI Gateways APIs Certificates Create API I Name COMPARTMENT TestCompartment techsuppercloud (root TestCompartment List Scope COMPARTMENT TestCompartment techsuppercloud foot/RestiCompartment UPLI OAD API DESCRIPTION FILE (SWAGGER, OPENAPI 3.X SPECIFICATION) Drop a file. Browse, JSON or YAML format o Show Advanced Options Fiters STATE Any state Tag Filters add I clear : a - no tag hiters applied Create API Cancel
2023-10-31_11-53-18_screenshot.png #

vicalel Depicymlent Basic Information Routes Review Route 1 PATH /emp METHODS Select backend type HTTR, Oracle Functions V Stock Response - - - Specifies the type of the backend service. Learnmore about the Stock Response backend. STATUS CODE 200 BODY OPTIONAL ("name":"xyz") HEADER NAME OPTIONAL HEADER VALUE OPTIONAL Previous Next Cancel
2023-10-31_11-56-57_screenshot.png #

€ Create API resource using API Description Tr TechSupper The API resource has an API description that describes Create API the API. API Gateway NAME Gateways APIs Ifyou use an API resource to deploy an API on an API OMPARTMENT TestCompartment prootin Comp tment gateway, its API description pre-populates some of the Certificates properties of the API deployment specification. List Scope COMPARTMENT TestCompartment UPLOAD API ESCRIR Pr TION FILE (SWAGGER OPENAPI ax C I IFICATION € Drop a file. Browse, JSON YAME We import the API description from a file (referred as API specification/Spec) created either in OpenAPI (erstwhile Swagger Specification) Specification version 2.0 or version 3.0. API resource in the API Gateway service is optional.
2023-10-31_12-04-05_screenshot.png #

€ Create API deployment specification Tr Techsupper API deployment specification describes a set ARG of resources /employee, /order), and the TestGW HTTP verbs (GET, POST, etc.) that can be - performed on each resource Deployments k
2023-10-31_12-10-53_screenshot.png #

Fetch query parameter T Techs Backend API: httpss/restcountries.com/va.1/All Route: /service URL: htps/restcountries.com/a1/Sicequest.query/namel) Test URL: https://sgateway url> - /service?name-all
2023-10-31_12-11-44_screenshot.png #

Fetch single path parameter Tr Te Backend API: https://restcountries.com/ /3.1/alpha/(code) Route: /service/(code) URL: https://restcountries.com/v3.1/alpha/Sirequest.path/codel) k Test URL: https://sgateway urb/service/alpha/pe
2023-10-31_12-12-58_screenshot.png #

Fetch multiple path parameter Tr Techsupp Backend API-1: htps/estcountries.com/as/eumens/ede) Backend API-2: https://restcountries.com/V8.1/name/iname) Route: /service/(servicenamel/(param) URL: https://restcountries.com/V3.1/Sirequest.pathlservicenamely/S(request.pat h/param]) Test URL-1: https://sgateway urb/service/urrensy/es Test URL-2: https://sgateway. urb/service/name/india
2023-10-31_12-17-54_screenshot.png #

Integration between Oracle Integration and API GW Tr TechSup % Oracle allows a seamless integration between Oracle Integration and API GW to manage/configure all the REST based integration via API GW. % After activating a REST based integration in Oracle Integration, you can publish the open API specification and deploy the endpoint to Oracle API Gateway. C Benefits of this integration is to remove the manual work to add the REST based integration to API GW.
2023-10-31_12-42-38_screenshot.png #

Agenda - Request and Response Policies Global Policies Request Policies Request Policies validation mode Response Policies Response Caching
2023-10-31_14-19-38_screenshot.png #

Request and Response Policies Tr Techsup Request and Response policies are defined while defining the API deployment specification which control the behaviour of API deployment. The policies can be applied at request and response levels. The benefits of policies is that we can prevent unnecessary load to the backend APIS by only sending valid requests and invalid requests can be terminated at API gateway level. The request policies are applied on an incoming request from an API client before it is sent to a back end. A response policies are applied on a response returned from a back end before it is sent to an API client.
2023-10-31_14-20-45_screenshot.png #

Request and Response Policies cont. Request and Response policies includes: Limit the request Cross Origin Resource Sharing (CORS) Authentication and Authorization Validate request Transform request Transform response Cache the response
2023-10-31_14-22-02_screenshot.png #

€ Global Policies rechsupper Applied to all the routes in the API deployment specification. Edit Deployment Basic Information Boutes Bevisn API Request Policies 1. Mutual TLS: Control access to APIs you deploy to API gateways based on the TLS certificate presented by Mutual-TLS Requires client to provide TLS certificate ENABLE MTLS the API client making a request. Authentication Configures authentication 2. Authentication: Control access to APIs you deploy to API gateways based on the end user sending a request, and define what it is that they are allowed to do. Add CORS Configures CORS access Add 3. CORS: Enable CORS support in the APIs you deploy to Rate Limiting Configures rate limiting API gateways. Add 4. Rate Limiting: Limit the rate at which API clients can make requests to back-end services.
2023-10-31_14-23-10_screenshot.png #

Request Policies
1. CORS
2. Header Validations
3. Query Parameter Validations
4. Body Validation
5. Header Transformation
6. Query Parameter Transformation
(Console screenshot: Edit Deployment, Routes, Route Request Policies, with CORS, Header Validations, Query Parameter Validations, Body Validation, Header Transformations and Query Parameter Transformations.)
2023-10-31_14-23-22_screenshot.png #

Request Policies validation mode
1. Enforcing: Validates all the requests against the validation policy. The request is sent to the backend API only if validation passes. API GW returns a 4xx response code if validation fails.
2. Permissive: Validates all the requests against the validation policy. The request is sent to the backend API even if validation fails. It is used to observe the behavior against the traffic before blocking API calls.
3. Disabled: Doesn't validate the requests against the validation policy. All the requests are sent to the backend API.
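The three validation modes above, replayed over the same traffic, as an added example (not Oracle's implementation and not from the course). The policy, the header and parameter names, the status codes and the sample requests are constructed; the point is that a permissive run yields the count of requests an enforcing policy would terminate.

```python
from collections import Counter

# Hypothetical validation policy: names that must be present on every request.
POLICY = {"headers": ["x-request-id"], "query": ["customerId"]}

def violations(request, policy=POLICY):
    """Return the policy rules this request fails (header names are case-insensitive)."""
    headers = {name.lower() for name in request.get("headers", {})}
    failed = [f"header:{h}" for h in policy["headers"] if h not in headers]
    failed += [f"query:{q}" for q in policy["query"] if q not in request.get("query", {})]
    return failed

def gateway(request, mode):
    """Return (status, forwarded_to_backend, logged_violations) for one request."""
    if mode not in ("ENFORCING", "PERMISSIVE", "DISABLED"):
        raise ValueError(f"unknown validation mode: {mode}")
    if mode == "DISABLED":
        return 200, True, []             # not validated at all
    failed = violations(request)
    if failed and mode == "ENFORCING":
        return 400, False, failed        # terminated at the gateway with a 4xx
    return 200, True, failed             # PERMISSIVE: forwarded, failure recorded

def dry_run(traffic, mode):
    """Summarise what one mode does to a batch of requests."""
    stats = Counter()
    for request in traffic:
        _, forwarded, failed = gateway(request, mode)
        stats["forwarded" if forwarded else "rejected"] += 1
        stats["violations_logged"] += bool(failed)
    return dict(stats)

# Constructed sample traffic: one valid request and two that break the policy.
SAMPLE = [
    {"headers": {"X-Request-Id": "a1"}, "query": {"customerId": "42"}},
    {"headers": {}, "query": {"customerId": "42"}},
    {"headers": {"X-Request-Id": "a3"}, "query": {}},
]
```

Running `dry_run(SAMPLE, "PERMISSIVE")` before switching to `"ENFORCING"` shows how many live requests would start failing, without the backend losing any of them.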
2023-10-31_14-27-15_screenshot.png #

Response Caching
- The major challenge API clients face is performance issues caused by overburdened backend APIs. Often, when the response doesn't come back, the user keeps reloading/hitting the page until they receive a response.
- Caching the response can help to improve performance and reduce unnecessary load on back-end services. Response caching can also save costs, as the request can be served from the caching server without sending the request to the backend API.
- The cache mechanism is to save the responses to requests and re-use them later if needed.
2023-10-31_14-28-13_screenshot.png #

Response Caching cont.
The API Gateway service can be integrated with an external cache server such as a Redis or KeyDB server. You can configure API gateways managed by the API Gateway service to:
- Store data in the cache server that has been returned by a back-end service in response to an original request.
- Retrieve previously stored data from the cache server in response to a later request that is similar to the original request, without sending the later request to the back-end service.
2023-10-31_14-29-06_screenshot.png #

Response Caching cont.
Response caching can be enabled at:
1. API Gateway level
2. Route level
2023-10-31_15-14-44_screenshot.png #

Rate Limit Policy
Used to limit the rate at which API clients can make requests to back-end services. For example, to:
- Maintain high availability
- Prevent denial-of-service attacks
- Constrain costs of resource consumption
- Restrict usage of APIs by your customers' users in order to monetize APIs
2023-10-31_15-16-56_screenshot.png #

(Console screenshot: Edit Deployment, Rate Limiting Policy. NUMBER OF REQUESTS PER SECOND: 1000. Rate key options: Total, Per client (IP).)
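The difference between the two rate keys in the screenshot, as an added example (not Oracle's implementation). The fixed one-second window, the names `TOTAL` and `CLIENT_IP`, the limit of 5 and the traffic are assumptions made for illustration; with a shared "Total" budget one noisy client uses up the allowance for everyone, while "Per client (IP)" isolates it.

```python
from collections import defaultdict

class RateLimiter:
    """Fixed one-second window counter (an assumed algorithm, for illustration)."""

    def __init__(self, per_second, rate_key):
        if rate_key not in ("TOTAL", "CLIENT_IP"):
            raise ValueError(f"unknown rate key: {rate_key}")
        self.limit, self.rate_key = per_second, rate_key
        self.window, self.counts = None, defaultdict(int)

    def allow(self, client_ip, now):
        window = int(now)
        if window != self.window:            # new second: start counting afresh
            self.window, self.counts = window, defaultdict(int)
        # "Total" shares one bucket; "Per client (IP)" keeps a bucket per address.
        bucket = client_ip if self.rate_key == "CLIENT_IP" else "*"
        if self.counts[bucket] >= self.limit:
            return False                     # rejected at the gateway
        self.counts[bucket] += 1
        return True

def replay(rate_key, traffic, per_second=5):
    """Return {client_ip: (allowed, rejected)} for time-ordered traffic."""
    limiter = RateLimiter(per_second, rate_key)
    result = defaultdict(lambda: [0, 0])
    for ts, ip in traffic:
        result[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(counts) for ip, counts in result.items()}

# Constructed traffic: one noisy client sends 20 requests within one second,
# then a well-behaved client sends 2 requests in that same second.
TRAFFIC = [(100 + i / 100, "198.51.100.7") for i in range(20)]
TRAFFIC += [(100.5, "203.0.113.9"), (100.6, "203.0.113.9")]
```

A per-IP key treats every client behind one NAT or proxy address as a single client, so the limit should be sized with that in mind.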
2023-10-31_15-31-53_screenshot.png #

Authentication and Authorization to API Deployment
API Gateway allows you to control access to the APIs deployed on the gateway and to control what end users are allowed to do. In general, the APIs we deploy will typically include:
- Authentication: Identify whether the user is valid or not.
- Authorization: Identify whether the user has appropriate access to call the APIs.
2023-10-31_15-32-36_screenshot.png #

Authentication and Authorization to API Deployment cont.
API Gateway supports the following authentication and authorization policies:
1. Custom (Authorizer Function)
2. JWT (JSON Web Tokens)
2023-10-31_15-33-32_screenshot.png #

Custom (Authorizer Function) Authentication Type
We can control access to APIs deployed to API gateways using an authorizer function. We can add authentication and authorization functionality to API gateways by writing an authorizer function that:
- Processes request attributes to verify the identity of an end user with an identity provider.
- Determines the operations that the end user is allowed to perform.
- Returns the operations the end user is allowed to perform as a list of access scopes.
You can write the authorizer function in any language (Java, Python, Node, Go, and Ruby) and deploy it to Oracle Functions.
2023-10-31_15-34-21_screenshot.png #

JWT (JSON Web Tokens) Authentication type
A JWT is a JSON-based access token sent in an HTTP request by the API client to a resource. JWTs are issued by identity providers (for example, Oracle Identity Cloud Service (IDCS), Auth0, Okta). When an API client attempts to access a protected resource, it must include a JWT. The resource validates the JWT with an authorization server using a corresponding public verification key, either by invoking a validation end-point on the authorization server or by using a local verification key provided by the authorization server.
2023-10-31_16-17-53_screenshot.png #

Agenda
- Adding a confidential application
- Applying the JWT authentication
- Applying authorization
- Generating the access token
- Testing the APIs
2023-10-31_15-35-06_screenshot.png #

JWT (JSON Web Tokens) cont.
A JWT comprises three parts:
- Header: Identifies the type of token and the cryptographic algorithm used to generate the signature.
- Payload: Contains claims about the end user's identity and the properties of the JWT itself. It includes information in key-value pairs such as Expiration time (exp), Audience (aud), Issuer (iss) and Issued At (iat).
- Signature: Validates the authenticity of the JWT.
2023-10-31_15-36-00_screenshot.png #

Authorization types
Authorization determines what users are allowed to do. Authorization is applied at the route level. There are three types of authorization:
- Any: Only grant access to end users that have been successfully authenticated, provided the authorizer function has also returned one of the access scopes (custom authorizer), or provided the JWT has a scope claim that includes at least one of the access scopes (JWT).
- Anonymous: Grant access to all end users, even if they have not been successfully authenticated by the authorizer function or JWT.
- Authentication only: Only grant access to end users that have been successfully authenticated by the authorizer function or JWT.
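JWT validation followed by the three route authorization types, as an added example (not Oracle's code and not from the course). It assumes HS256 with a shared key so it runs on the standard library alone, standing in for the public verification key the slides describe, and a space-separated `scope` claim; the function names, route type labels, issuer, audience and scopes are constructed.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, key, alg="HS256"):
    """Constructed test token; stands in for what the identity provider issues."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(sign(head, body, key))}"

def validate_jwt(token, key, issuer, audience, now=None):
    """Return the claims only if header, signature, iss, aud and exp all pass."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":   # pin the algorithm, never trust the token's choice
        return None
    if not hmac.compare_digest(sign(head, body, key), given):
        return None
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        return None
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims

def authorize(route, claims):
    """Apply a route's authorization type to the result of validate_jwt()."""
    if route["type"] == "ANONYMOUS":            # everyone, authenticated or not
        return True
    if claims is None:                           # the other two types need a valid token
        return False
    if route["type"] == "AUTHENTICATION_ONLY":
        return True
    granted = set(str(claims.get("scope", "")).split())
    return bool(granted & set(route["scopes"]))  # "ANY": at least one scope matches
```

Every failure path returns `None` without saying which check failed, so a caller learns nothing about why a token was refused.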
2023-10-31_15-37-26_screenshot.png #

Agenda
- Adding a confidential application
- Applying the JWT authentication
- Applying authorization
- Generating the access token
- Testing the APIs
2023-10-31_15-39-03_screenshot.png #

(Console screenshot: Identity > Domains > Default domain > Integrated applications > Add application. Application types offered: Application Catalog, SAML Application, Mobile Application, Confidential Application, Enterprise Application.)
2023-10-31_16-02-59_screenshot.png #

Insights into the Logging
APIs are the heart of digital transformation, so they become critical to running the business smoothly. Keeping them operational and performing well requires understanding of, and insight into, the infrastructure supporting them. There are occasions when you'll need to see more detail about the flow of traffic into and out of the API gateway. For example, you might want to review responses returned to API clients, or to troubleshoot errors. You can specify that the API Gateway service stores information about requests and responses going through an API gateway, and information about processing within an API gateway, as logs in the Oracle Cloud Infrastructure Logging service.
2023-10-31_16-05-40_screenshot.png #

API GW logging cont.
Execution logs support three log levels:
- Information: Contains a summary of every processing stage.
- Warning: Contains a summary of transient errors that occurred during processing. For example: connection timeout.
- Error: Contains a summary of persistent errors that occurred during processing. For example: 404 error.
2023-10-31_16-07-41_screenshot.png #

OCI Logging Analytics
OCI Logging Analytics provides multiple ways of gaining operational insights from the API GW logs. You can use the Log Explorer UI to search and explore log information and aggregate it into dashboards. Logging Analytics has Oracle prebuilt parsers and sources for API Gateway. Currently, API Gateway logs can be automatically ingested using Object Storage buckets. You can also stream API Gateway logs to Object Storage using the Service Connector Hub.