Welcome to this post, which will look at the publishing of OIC endpoints to OCI API Gateway.
I'm starting from scratch, with a new OIC3 instance -
This functionality is available only in domain-enabled tenancies. In this demo, I will be provisioning the OCI API Gateway in the same compartment as OIC.
OIC uses an RPST (resource principal session token) to access API Gateway, which is, in essence, just another Oracle Cloud Infrastructure resource. To this end, we will need the client ID of the OIC instance I just created.
So let's go to our domain -
I save the Client ID for future use.
Create a Dynamic Group
The next step is to create a dynamic group, through which we will be able to grant access to the API gateway. This group will only have 1 member to begin with, the OIC3 instance I just created. Naturally, I could have multiple entries, i.e. many OIC3 instances publishing to the same gateway.
Here is my Dynamic Group definition -
Create a Policy
Now we need to create a policy which will enable this dynamic group to manage API Gateway in my compartment -
allow dynamic-group yourGroup to manage api-gateway-family in compartment yourCompartment
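A check on the scope of that grant, as an added example that is not part of the original post: it parses policy statements of the shape shown above and reports any that reach beyond the dynamic group, the api-gateway-family resource type, or the single compartment. The function name and the two over-broad sample statements are constructed for illustration.

```python
import re

# Shape handled: allow <kind> [<name>] to <verb> <resource-type> in <location> [where ...]
STATEMENT = re.compile(
    r"allow\s+(?P<kind>[\w-]+)\s*(?P<subject>\S*?)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+(?:id\s+)?\S+)(?:\s+where\s+.+)?",
    re.IGNORECASE,
)


def review_statement(statement, group, compartment):
    """Return findings for one statement; an empty list means it matches the intended grant."""
    m = STATEMENT.fullmatch(statement.strip())
    if m is None:
        return ["not a parseable allow statement"]
    findings = []
    if m["kind"].lower() != "dynamic-group" or m["subject"] != group:
        findings.append(f"subject is {m['kind']} {m['subject']}".rstrip()
                        + f", expected dynamic-group {group}")
    if m["resource"].lower() != "api-gateway-family":
        findings.append(f"resource-type is {m['resource']}, expected api-gateway-family")
    location = m["location"]
    if location.lower() == "tenancy":
        findings.append("grant covers the whole tenancy, expected one compartment")
    elif location.split()[-1] != compartment:
        findings.append(f"grant is in {location}, expected compartment {compartment}")
    return findings


# Constructed sample policy: the first statement is the one from the post,
# the other two are deliberately over-broad variants for comparison.
SAMPLE_POLICY = [
    "allow dynamic-group yourGroup to manage api-gateway-family in compartment yourCompartment",
    "Allow dynamic-group yourGroup to manage all-resources in tenancy",
    "allow any-user to manage api-gateway-family in compartment yourCompartment",
]

if __name__ == "__main__":
    for line in SAMPLE_POLICY:
        problems = review_statement(line, "yourGroup", "yourCompartment")
        print("OK  " if not problems else "FLAG", line)
        for problem in problems:
            print("     -", problem)
```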
Create a Virtual Cloud Network and Subnet
I create the VCN in my compartment NiallC-2312. As you can see, I set the CIDR Block value to 10.0.0.0/16
I accepted the defaults for all the other fields.
Create a Subnet
I set the CIDR Block to 10.0.0.0/24.
Subnet Type: Regional
Subnet Access: Public Subnet
Create an Internet Gateway
All you need here is a name.
Add Rules to the VCN Security List
Add the following Ingress rule -
The following Egress rule should be present -
Add a Route Rule to the VCN Route Table
Create a Network Security Group
That's it - pre-reqs completed!
Provision the OCI API Gateway
Give it a name and select the VCN and Subnet you just created. Accept defaults for the rest.
Create a test Deployment and route
This is a quick test to ensure our gateway is accessible. I create a deployment called Test and add a route. Note, I use a stock response here.
The deployment url can be found here -
Publishing from OIC
Integrations need to be within a project, activated and also "public".
For "public" just check the following box, when creating an integration -
There's our TestDeployment. In this case, I'll create a new deployment - Netsuite. Ergo, we can select an existing deployment or create a new one. Whichever we choose, the OIC endpoint will be created as a route within that deployment.
Now to test invoking the OIC endpoint via the API gateway. Again, I use Postman here.
The first test is to invoke the OIC endpoint directly from Postman. This will leverage OAuth; the setup required is detailed in this other post.
Looks good! Now to the route in the Netsuite deployment -
The Deployment url is - https://myGateway.apigateway.us-phoenix-1.oci.customer-oci.com/netsuite
So let's test this from Postman -