Configuring API Gateway Instances

Overview

This topic shows how to configure a running instance of the API Gateway. You can configure the options described in the following sections on the API Gateway instance in the Policy Studio tree.

Add Remote Host

Remote Host settings configure the way in which the API Gateway routes to another host machine. For example, if a destination server may not fully support HTTP 1.1, you can configure Remote Host settings for the server to optimize the way in which the API Gateway sends messages to it. Similarly, if the server requires an exceptionally long timeout, you can configure this in the Remote Host settings. For more details, see the Remote Host Settings topic.

Add HTTP Services

You can add a container for HTTP-related services, including HTTP and HTTPS Interfaces, Directory Scanners, Static Content Providers, Servlet Applications, and Packet Sniffers.

HTTP Services act as a container for all HTTP-related interfaces to the API Gateway's core messaging pipeline. You can configure HTTP and HTTPS interfaces to accept plain HTTP and SSL messages respectively. A Relative Path interface is available to map requests received on a particular URI or path to a specific policy. The Static Content Provider interface can retrieve static files from a specified directory, while the Servlet Application enables you to deploy servlets under the service. Finally, the Packet Sniffer interface can read packets directly off the network interface, assemble them into HTTP messages, and dispatch them to a particular policy. The Configuring HTTP Services topic explains how to configure the available HTTP Interfaces.

Add SMTP Services

Simple Mail Transfer Protocol (SMTP) support enables the API Gateway to receive email and to act as a mail relay. The API Gateway can accept email messages using the SMTP protocol, and forward them to a mail server. You can also configure optional policies for specific SMTP commands (for example, HELO/EHLO and AUTH). The Configuring SMTP Services topic explains how to configure SMTP services, interfaces, and handler policies.

Add File Transfer Services

You can configure the API Gateway to listen for remote clients that connect to it as a file server. This enables the API Gateway to apply configured policies on transferred files (for example, for schema validation, threat detection or prevention, routing, and so on). The API Gateway supports File Transfer Protocol (FTP), FTP over SSL (FTPS), and Secure Shell FTP (SFTP). The File Transfer Service topic explains how to configure the API Gateway as a file transfer service.

Add Policy Execution Scheduler

Policy Execution Scheduling enables you to schedule the execution of any policy on a specified date and time in a recurring manner. The API Gateway provides a pre-configured library of schedules to select from. You can also add your own schedules to the library. The Policy Execution Scheduling topic explains how to add a policy execution schedule, and how to add schedules.

Messaging System

You can configure the API Gateway to read JMS messages from a JMS queue or topic, run them through a policy, and then route onwards to a Web Service or JMS queue or topic.

The API Gateway can consume a JMS queue or topic as a means of passing XML messages to its core message processing pipeline. When the message has entered the pipeline, it can be validated against all authentication, authorization, and content-based message filters. Having passed all configured message filters, it can be routed to a destination Web Service over HTTP, or it can be dropped back on to a JMS queue or topic using the Messaging System Connection filter. For more details, see the Messaging System topic.

FTP Poller

The FTP Poller enables you to query and retrieve files by polling a remote file server. When files are retrieved, they can be passed into the API Gateway core message pipeline for processing. For example, this is useful in cases where an external application drops files on to a remote file server, which can then be validated, modified, or routed on over HTTP or JMS by the API Gateway. For more details, see the FTP Poller topic.

Directory Scanner

The Directory Scanner reads XML files from a specified directory and dispatches them to a selected policy. This enables you to search a local directory for XML files, which can then be fed into a security policy for validation. Typically, XML files are FTP-ed or saved to the file system by another application. The API Gateway can then pick these files up, run the full array of authentication, authorization, and content-based filters on the messages, and then route them over HTTP or JMS to a back-end system. For more details, see the Directory Scanner topic.

POP Client

The POP Client enables you to poll a POP mail server to read email messages from it, and pass them into a policy for processing. For more details, see the POP Client topic.

TIBCO

You can configure a TIBCO Rendezvous® Listener or a TIBCO Enterprise Messaging Service Consumer. For more details, see the following topics:

API Gateway Settings

You can configure per-instance global configuration settings by clicking the Settings node in the Policy Studio tree. For more details on configuring API Gateway instance settings, see the API Gateway Settings topic.

API Gateway Logging

You can configure an API Gateway instance to log messages to a database, file system, GUI Console, log files, or UNIX syslog. A Log Viewer for examining log entries is also available. For more details, see the topic on Transaction Log Settings.

Cryptographic Acceleration

The API Gateway can leverage the OpenSSL Engine API to offload complex cryptographic operations (for example, RSA and DSA) to a hardware-based cryptographic accelerator, and to add an extra layer of security by storing private keys on a Hardware Security Module (HSM).

The API Gateway uses OpenSSL to perform cryptographic operations, such as encryption and decryption, signature generation and validation, and SSL tunneling. OpenSSL exposes an Engine API, which enables you to plug in alternative implementations of some or all of the cryptographic operations implemented by OpenSSL. OpenSSL can, when configured appropriately, call the engine's implementation of these operations instead of its own. For more information on configuring the API Gateway to use an OpenSSL engine, see the Cryptographic Acceleration topic.