Monday, December 18, 2023

#999 23.12 - Publishing OIC endpoints to OCI API Gateway in detail

Welcome to this post, which will look at the publishing of OIC endpoints to OCI API Gateway.
I'm starting from scratch, with a new OIC3 instance -

This functionality is available only in domain-enabled tenancies. In this demo, I will be provisioning the OCI API Gateway in the same compartment as OIC.

OIC uses RPST (Resource Principal Session Token) to access API Gateway, which is, in essence, just another Oracle Cloud Infrastructure resource. To this end, we will need the client ID of the OIC instance I just created.

So let's go to our domain - 


I save the Client ID for future use.

Create a Dynamic Group

The next step is to create a dynamic group, through which we will be able to grant access to the API Gateway. This group will have only one member to begin with, the OIC3 instance I just created. Naturally, I could have multiple entries, i.e. many OIC3 instances publishing to the same gateway.

Here is my Dynamic Group definition - 

 - = 'client id'

Create a Policy

Now we need to create a policy which will enable this dynamic group to manage API Gateway in my compartment -

The Policy definition has the following format - 

allow dynamic-group yourGroup to manage api-gateway-family in compartment yourCompartment
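
A policy like this is worth re-checking whenever statements are added to it. The following is an added example, not code from this post or from Oracle: a small Python check that parses statements of the format above and reports any that grant more than this setup needs. The group name `oic-publishers` and the sample statements are constructed for illustration; the compartment name is the one used in this post.

```python
import re

# Grammar of the statement shown above:
#   allow dynamic-group <group> to <verb> <resource-type> in compartment <name>
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<kind>dynamic-group|group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)

def review_statement(statement, group, compartment):
    """Return findings for one statement; an empty list means it matches the grant above."""
    m = STATEMENT.match(statement)
    if not m:
        return ["not parsed, review by hand"]
    findings = []
    if m["kind"].lower() != "dynamic-group" or m["subject"] != group:
        findings.append("subject is not the expected dynamic group")
    if m["resource"].lower() != "api-gateway-family":
        findings.append("resource-type is not api-gateway-family")
    if m["scope"].lower() == "tenancy":
        findings.append("scope is the whole tenancy")
    elif m["compartment"] != compartment:
        findings.append("scope is a different compartment")
    return findings

def review_policy(statements, group, compartment):
    """Map each statement that has findings to its list of findings."""
    report = {}
    for s in statements:
        findings = review_statement(s, group, compartment)
        if findings:
            report[s] = findings
    return report

# Constructed sample policy; "oic-publishers" is a hypothetical group name.
SAMPLE = [
    "allow dynamic-group oic-publishers to manage api-gateway-family in compartment NiallC-2312",
    "allow dynamic-group oic-publishers to manage all-resources in compartment NiallC-2312",
    "Allow dynamic-group oic-publishers to manage api-gateway-family in tenancy",
    "allow group Administrators to manage api-gateway-family in compartment NiallC-2312",
]

if __name__ == "__main__":
    for stmt, findings in review_policy(SAMPLE, "oic-publishers", "NiallC-2312").items():
        print(stmt, "->", "; ".join(findings))
```

Only the first sample statement passes; the other three are reported for resource type, scope and subject respectively.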

Pre-requisites for Creating the API Gateway

Create a Virtual Cloud Network and Subnet

I create the VCN in my compartment NiallC-2312. As you can see, I set the CIDR Block value to

I accepted the defaults for all the other fields.

Create a Subnet

I set the CIDR Block to
Subnet Type - Regional
Subnet Access : Public Subnet

Create an Internet Gateway

All you need here is a name.

Add Rules to the VCN Security List

Add the following Ingress rule - 

The following Egress rule should be present - 

Add a Route Rule to the VCN Route Table

Create a Network Security Group

That's it - pre-reqs completed!

Provision the OCI API Gateway

Give it a name and select the VCN and Subnet you just created. Accept defaults for the rest.

Create a test Deployment and route

This is a quick test to ensure our gateway is accessible. I create a deployment called Test and add a route. Note, I use a stock response here.

I will now test this from Postman - 
The deployment url can be found here - 

Publishing from OIC

Integrations need to be within a project, activated and also "public". 

For "public" just check the following box, when creating an integration -

There's our TestDeployment. In this case, I'll create a new deployment - Netsuite. Ergo, we can select an existing deployment or create a new one. Whichever we choose the OIC endpoint will be created as a route within that deployment.

I can, of course, view the deployment details -

Now to testing the invoke of the OIC endpoint via the api gateway. Again, I use Postman here.

First test is to invoke the OIC endpoint directly from Postman. This will leverage OAuth - the setup required is detailed in this other post

Looks good! Now to the route in the Netsuite deployment - 

The path, as you can see, is /netsuite/customer.

The Deployment url is -

So let's test this from Postman - 

Friday, December 8, 2023

#998 OIC 23.12 Release New Features

23.12 is yet another compelling release of OIC. Without further ado, let's look at some of the new features - 

Global OIC New Features

Import / Export Support

This feature allows you to do global exports/imports of all OIC artefact metadata. This feature is heavily used by OIC Gen2 customers, so this is a must in respect of feature parity. The modus operandi is analogous to Gen 2 - 

Step 1 is set up the connection to your OCI Object Storage bucket -

This will be used as the export target -

Defining an export job is easy - instance storage defaults to what you have set up. The job name defaults to Export of instance yourInstance.

You can choose whether or not to export security artifacts (secrets).

The import definition is as follows -

Self-explanatory, I assume.

Let's try this out - I begin by creating a Bucket - 


Now back in OIC --> Settings - Storage

Note the format of the Swift Url -

The password you enter is not your OCI password, rather it is based on an Auth token you generate at OCI User level - 

Save the token and use as the password, when defining the storage connection in OIC - 

Note the format of username - oracleidentitycloudservice/

Now to the Import/Export page in OIC Settings -

Here one can do the following - yes, you guessed it - 

I click on Export

I check in Object Storage - 

I check back in OIC - 

Project Enhancements

Ability to copy integrations into a project

This is a very useful feature, especially for OIC Gen2 customers uptaking projects. This feature allows you to copy integrations from the global context (i.e. those not in a project), or from another project, and "paste" them into your target project.

Here's a simple example - my integration - AA-Netsuite-CreateCustomer - this leverages a "global" Netsuite connection, as well as an OIC Lookup to set the Netsuite subsidiary id.

I create a new Project - AA-Netsuite-CustomerMgt -

Note the ability to search Projects. I de-select the checkbox, in this case.

I select my source integration and then click Copy - 

The integration and its dependencies have been imported.

Again, this is extremely useful for existing OIC customers who want to adopt projects.

Publishing OIC APIs to OCI API Gateway

A major new feature of 23.12. However, this gives us more than just OIC Gen2 parity. Publishing is a feature within OIC Projects. Integrations need to be activated, before they can be published.

The publish UI is as follows - 

Note the following - 
1. the ability to choose which endpoints to publish.  Unfortunately, I only have the one, but you get the idea.

2. Choose the compartment which hosts the api gateway.

3. Select the gateway 

4. Select an existing deployment on that gateway or create a new deployment. A word or two on deployments - a deployment can host from 1 to 50 endpoints. Each gateway currently supports up to 20 deployments. That allows for up to 1000 endpoints per gateway. You can decide yourself how you want to split the apis over deployments, e.g. create a "Netsuite" deployment for all your Netsuite related apis.
So think of the deployment as a folder for related apis/OIC endpoints.


I publish - 

Note the ability to Undo publish - giving you full lifecycle control. If you create a deployment and have published only the api(s) from a single integration, clicking Undo publish will delete the routing rule and the deployment. 

There are some pre-requisites you need to do in order to publish from OIC to the OCI API Gateway.
This connectivity is RPST based and you need to do some setup in your identity domain to make this work.

I will document these in a separate post.

New Notification Center

The Notifications center shows the status of asynchronous operations (such as installing a project from the Integration Store). This eliminates the need to click the refresh icon to see the status.

The Announcements page, formerly accessible via the bell icon, can now be accessed via the megaphone icon.