How do I Configure a Secure Communication Channel between API Gateway and Developer Portal?
This section explains the steps required for API Gateway to securely communicate with Developer Portal for sending the runtime events and metrics and Developer Portal to communicate with API Gateway securely for key requests.
The described SSL configuration procedure applies only to Developer Portal version10.2 or later. Also ensure that the required certificates for API Gateway and Developer Portal are available.
To configure a secure communication channel between API Gateway and Developer Portal
1. Configure Developer Portal HTTPS port.
a. Navigate to Administration > Destinations in the API Gateway user interface.
b. Click API Portal > Configuration.
c. Provide the following information:
In the
Portal configuration section, provide the following details:
Base URL. The
Developer Portal base URL which
API Gateway uses to communicate to
Developer Portal using the HTTPS port. By default,
Developer Portal uses port 18102 for HTTPS communication.
Username and
Password credentials to access
Developer Portal.
In the
Gateway configuration section, provide the following details:
Base URL. The
API Gateway server URL, which
Developer Portal uses to communicate to
API Gateway using the HTTPS port. Specify the port 8886 that is configured for HTTPS communication.
Username and
Password credentials to access
API Gateway.
d. Click Publish.
This configures Developer Portal as a destination and creates a communication channel between API Gateway and Developer Portal over the HTTPS port.
2. Ensure that outbound truststore is configured correctly to trust the certificate exposed by Developer Portal.
You can achieve this by configuring keystore and truststore settings for outbound connections in API Gateway. In the Configure keystore and truststore settings for outbound connections section, provide the keystore and truststore aliases for securing outgoing SSL connections. The keystore and key alias is required for outgoing two-way SSL connections.
3. You have to configure the Developer Portal truststore to trust the API Gateway outbound certificate. For details about how to configure Developer Portal truststore, see Developer Portal documentation.
You now have a secure communication channel between API Gateway and Developer Portal. You can now publish an API, which is enforced with Enable HTTPS/HTTPS policy with the HTTPS option configured, from API Gateway to Developer Portal and invoke the API from Developer Portal using the HTTPS endpoint that has been used to publish it to Developer Portal.
