Monday, December 18, 2023

#999 23.12 - Publishing OIC endpoints to OCI API Gateway in detail

Welcome to this post, which will look at the publishing of OIC endpoints to OCI API Gateway.
I'm starting from scratch, with a new OIC3 instance -

This functionality is available only in domain enabled tenancies. I this demo, I will be provisioning the OCI API Gateway in the same compartment as OIC.

RPST is used for OIC to access api gateway, which is, in essence, just another Oracle Cloud Infrastructure resource. To this end, we will need the client id of the OIC instance I just created. 

So let's go to our domain - 


I save the Client ID for future use.

Create a Dynamic Group

Next step is to create a dynamic group, through which we will be able to grant gateway access to the api gateway. This group will only have 1 member to begin with, the OIC3 instance I just created. Naturally, I could have multiple entries i.e. many OIC3 instances publishing to the same gateway.

Here is my Dynamic Group definition - 

 - = 'client id'

Create a Policy

Now we need to create a policy which will enable this dynamic group to manage API Gateway in my compartment -

The Policy definition has the following format - 

allow dynamic-group yourGroup to manage api-gateway-family in compartment yourCompartment

Pre-requisites for Creating the API Gateway

Create a Virtual Cloud Network and Subnet

I create the VCN in my compartment NiallC-2312. As you can see, I set the CIDR Block value to

I accepted the defaults for all the other fields.

Create a Subnet

I set the CIDR Block to
Subnet Type - Regional
Subnet Access : Public Subnet

Create an Internet Gateway

All you need here is a name.

Add Rules to the VCN Security List

Add the following Ingress rule - 

The following Egress rule should be present - 

Add a Route Rule to the VCN Route Table

Create a Network Security Group

That's it - pre-reqs completed!

Provision the OCI API Gateway

Give it a name and select the VCN and Subnet you just created. Accept defaults for the rest.

Create a test Deployment and route

This is a quick test to ensure our gateway is accessible. I create a deployment called Test and add a route. Note, I use a stock response here.

I will now test this from Postman - 
The deployment url can be found here - 

Publishing from OIC

Integrations need to be within a project, activated and also "public". 

For "public" just check the following box, when creating an integration -

There's our TestDeployment. In this case, I'll create a new deployment - Netsuite. Ergo, we can select an existing deployment or create a new one. Whichever we choose the OIC endpoint will be created as a route within that deployment.

I can, of course, view the deployment details -

Now to testing the invoke of the OIC endpoint via the api gateway. Again, I use Postman here.

First test is to invoke the OIC endpoint directly from Postman. This will leverage OAuth - the setup required is detailed in this other post

Looks good! Now to the route in the Netsuite deployment - 

The path, as you can see, is /netsuite/customer.

The Deployment url is -

So let's test this from Postman - 

No comments: