Oracle® Fusion Middleware

Oracle API Gateway Administrator Guide

11g Release 2 (

Oracle API Gateway Administrator Guide, 11g Release 2 (

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. This documentation is in prerelease status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.

The information contained in this document is for informational sharing purposes only and should be considered in your capacity as a customer advisory board member or pursuant to your beta trial agreement only. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.

This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle Software License and Service Agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

27 May 2014


1. API Gateway administration
Introduction to API Gateway administration
API Gateway form factors
Who owns the API Gateway platform and how is it administered?
Where do you deploy an API Gateway?
Where do you deploy API Gateway Analytics?
Secure the last mile
API Gateway administration lifecycle
Plan an API Gateway system
Policy development
Traffic analysis
Load balancing and scalability
SSL termination
High Availability and failover
Backup and recovery
Development staging and testing
Hardening—secure the API Gateway
Capacity planning example
How API Gateway interacts with existing infrastructure
Anti virus
Operations and management
Network firewalls
Application servers
Enterprise Service Buses
Directories and user stores
Access control
Public Key Infrastructure
Registries and repositories
Software Configuration Managment
2. Manage an API Gateway domain
Configure an API Gateway domain
Managedomain script
Register a host in a domain
Create an API Gateway instance
Test the health of an API Gateway instance
Manage domain topology in API Gateway Manager
Manage API Gateway groups
Manage API Gateway instances
Deploy API Gateway configuration
Managedomain command reference
Host Management
API Gateway Management
Group Management
Topology Management
Domain SSL certificates
Further details
Secure an API Gateway domain
How SSL certificates are signed in a domain
Add the first Admin Node Manager to the domain
Add a Node Manager to the domain
Add an API Gateway instance to the domain
Change the admin capabilities of a Node Manager
Change the domain SSL certificate
Admin Node Manager backup and disaster recovery
SSL private key and certificate locations
3. Manage the API Gateway
Start and stop the API Gateway
Set passphrases
Start the Node Manager
Start the API Gateway instance
Connect to the API Gateway in Policy Studio
Stop the API Gateway instance
Stop the Node Manager
Start the API Gateway tools
Before you begin
Launch API Gateway Manager
Start Policy Studio
Configure an API Gateway encryption passphrase
Configure the passphrase in Policy Studio
Enter the passphrase when you connect in Policy Studio
Enter the passphrase in a file or on startup
Promotion between environments
Run API Gateway as non-root on UNIX/Linux
Linux capabilities
Before you begin
Modify API Gateway file ownership
Set the CAP_NET_BIND capability on vshell
API Gateway appliance version 7.1.0 or later
Add API Gateway library locations
Modify the init.d script to use sudo
Modify the jvm.xml file
Restart the API Gateway
Run API Gateway as non-root on Solaris
Configure API Gateway high availability
HA in production environments
Load Balancing
Java Message System
File Transfer Protocol
Remote Hosts
Distributed caching
External Connections
Embedded Apache ActiveMQ
Embedded Apache Cassandra database
Manage certificates and keys
View certificates and private keys
Configure an X.509 certificate
Configure a private key
Global options
Manage certificates and keystores
Configure key pairs
Configure PGP key pairs
Manage API Gateway settings
General settings
Logging settings
Messaging settings
Monitoring settings
Security settings
4. Deploy API Gateway configuration
Manage API Gateway deployments
Connect to a server in Policy Studio
Edit a server configuration in Policy Studio
Manage deployments in API Gateway Manager
Compare and merge configurations in Policy Studio
Manage Admin users in API Gateway Manager
Configure policies in Policy Studio
Deploy API Gateway configuration
Create a package in Policy Studio
Configure package properties in Policy Studio
Deploy packages in Policy Studio
Deploy a factory configuration in Policy Studio
Deploy currently loaded configuration in Policy Studio
Push configuration to a group in Policy Studio
View deployment results in Policy Studio
Deploy on the command line
Deploy packages in API Gateway Manager
5. Troubleshoot your API Gateway installation
Configure API Gateway tracing
View API Gateway trace files
Set API Gateway trace levels
Configure API Gateway trace files
Run trace at DEBUG level
Run trace at DATA level
Integrate trace output with Apache log4J
Get help with API Gateway
Configure API Gateway logging and events
Configure audit logs per domain
Configure transaction logs per API Gateway
Configure transaction logs per filter
Configure access logs per path
Manage API Gateway events
API Gateway performance tuning
General performance tuning
Advanced performance tuning
6. Manage user access
Manage API Gateway users
API Gateway users
Add API Gateway users
API Gateway user attributes
API Gateway user groups
Add API Gateway user groups
Update API Gateway users or groups
Manage Admin users
Admin user privileges
Admin user roles
Add a new Admin user
Remove an Admin user
Reset an Admin user password
Manage Admin user roles
Configure Role-Based Access Control (RBAC)
Local Admin User store
RBAC Access Control List
Configure RBAC users and roles
Management service roles and permissions
Active Directory for authentication and RBAC of management services
Step 1: create an Active Directory group
Step 2: create an Active Directory user
Step 3: create an LDAP connection
Step 4: create an LDAP repository
Step 5: create a test policy for LDAP authentication and RBAC
Step 6: use the LDAP policy to protect management services
Add an LDAP user with limited access to management services
OpenLDAP for authentication and RBAC of management services
Step 1: create an OpenLDAP group for RBAC roles
Step 2: add RBAC roles to the OpenLDAP RBAC group
Step 3: add users to the OpenLDAP RBAC group
Step 4: create an LDAP connection
Step 5: create an OpenLDAP repository
Step 6: create a test policy for LDAP authentication and RBAC
Step 7: use the OpenLDAP policy to protect management services
7. Manage ActiveMQ messaging
Manage embedded ActiveMQ messaging
Manage messaging queues
Manage messages in a queue
Manage messaging topics
Manage messaging subscribers
Manage messaging consumers
8. Monitoring and reporting
Monitor services in API Gateway Manager
Enable monitoring
View real-time monitoring
View message traffic
View message content
View performance statistics
Detect malformed messages
Monitor system data
Configure trace and log settings
Monitor and report on services with API Gateway Analytics
Configure the API Gateway for API Gateway Analytics
Connect to the API Gateway
Configure the database connection
Configure the database logging
Configure monitoring settings
Deploy to the API Gateway
Reporting with API Gateway Analytics
Launch API Gateway Analytics
API Services
Remote Hosts
Audit Trail
Custom reporting
Configure scheduled reports
Database configuration
Scheduled reports configuration
SMTP configuration
Purge the reports database
Run the dbpurger command
Example commands
9. Manage network-level settings
Configure a DNS service with wildcards for virtual hosting
DNS workflow
BIND DNS software
Configure a wildcard domain
10. API Gateway settings reference
General settings
MIME/DIME settings
Namespace settings
SOAP Namespace
Signature ID Attribute
WSSE Namespace
HTTP Session settings
Transaction Log settings
Configure log output
Log to Text File
Log to XML File
Log to Database
Log to Local Syslog
Log to Remote Syslog
Log to System Console
Access Log settings
Configure the Access Log
Embedded ActiveMQ settings
General messaging settings
SSL settings
Authentication settings
Traffic monitoring settings
Real-time monitoring metrics
Configure metrics settings
Configure reports settings