Monday, January 4, 2021

#821 Protecting your OIC apis with OCI API Gateway



OCI Services add a lot of value add to OIC. I have discussed OCI Functions Service and the OCI Streaming Service in previous posts. Today - my first working day of 2021 - it's the turn of OCI API Gateway.

I'm sure you are all conversant with what API Gateway gives you. If not, check out the overview here 

The Gateway setup was very simple and quick - I just followed the instructions here

This blog post covers the following -

1. Virtualizing a publicly available REST api using API Gateway

2. Virtualizing an OIC API

3.  Adding a Throttling Policy at Deployment level

4. Adding a Request Policy - Query Parameter Transformation

Virtualizing a public REST API via OCI API Gateway

Now to a simple sanity test - I found the following public REST API - 


So let's virtualize that Endpoint, via the API Gateway - 

I created the following Deployment in API Gateway -

Configuration is as follows - 

So let's look at this in a bit more detail -

Testing - I copy the Endpoint -

v1 being of course the Path Prefix I specified.

I then add the Path I specified in the deployment definition 


Note the variable {myRequest*} in the Path definition.

Virtualizing an OIC API using OCI API Gateway

Let's apply the same logic to an OIC api - here's my simple SayHi service

I test using Postman -

Now to creating the API Gateway deployment -

I just extrapolate from the previous example - 

I then test in a browser - here I get a popup where I need to enter my OIC credentials -

I test again, via Postman - note - I have added the OIC Auth here -

Adding a Throttling Policy 

I now add a throttling policy to the deployment - 

Note: Policies added at this level apply to all routes.

Now let's greet Dino a couple of times -

Now we could leverage an API Gateway Deployment for more than 1 OIC API.

Here's another simple OIC flow - Gaelic Greeting - this has a REST (POST) trigger.

I create the following Deployment in the API Gateway -

Now let's look at the OIC Endpoint url - 


Look at the url definition above -

So the myRequest variable will be, in this case, /v1/flows/rest/AA_DUMMYREST_POST/1.0/GaelicGreeting

Note that METHODS has been set to ANY.
The test in Postman -

Now let's try the same Deployment for the first OIC Greeting api -

Request Policies - Query Parameter Transformation

Finally, we already tried out one of the Deployment level policies, let's now look at the Route level policies available - Request and Response Policies - 

Let's try out the Query Parameter Transformation on the following OIC integration - 

As you can see, the empNr is echoed.

In this simple example, I will set the empNr to 999.

I create a new Deployment in the API Gateway and configure as follows - 

I now add the Request Routing Policy -

I test in my Browser - with empNr = 100

My response includes empNr = 999



No comments: