Oracle® Fusion Middleware
Part 11. API Gateway settings reference
Sidebar
Prev
|
Next
Part 11. API Gateway settings reference
Contents
General settings
Overview
Settings
MIME/DIME settings
Overview
Configuration
Namespace settings
Overview
SOAP Namespace
Signature ID Attribute
WSSE Namespace
HTTP Session settings
Overview
Configuration
Transaction audit log settings
Overview
Configure log output
Log to Text File
Log to XML File
Log to Database
Log to Local Syslog
Log to Remote Syslog
Log to System Console
Transaction access log settings
Overview
Configure the access log
Redact sensitive details from the access log
Transaction event log settings
Overview
Transaction event log formats
Configure the transaction event log
Embedded ActiveMQ settings
Overview
General messaging settings
SSL settings
Authentication settings
Traffic monitoring settings
Overview
Configuration
Real-time monitoring metrics
Overview
Enable monitoring
Configure real-time metrics
Contents
Search
What's new
New topics
Updated topics
API Gateway administration
Introduction to API Gateway administration
Overview
API Gateway form factors
Who owns the API Gateway platform and how is it administered?
Operations team
Architecture team
Where do you deploy an API Gateway?
Where do you deploy API Gateway Analytics?
Secure the last mile
API Gateway administration lifecycle
Plan an API Gateway system
Overview
Policy development
Policy development guidelines
Example policy requirements
Traffic analysis
Traffic analysis guidelines
Load balancing and scalability
Load balancing guidelines
SSL termination
High Availability and failover
HA stand-by systems
HA and failover guidelines
Backup and recovery
Disaster recovery guidelines
Development staging and testing
Staging and testing guidelines
Hardening—secure the API Gateway
Hardening guidelines
Capacity planning example
Example required throughput
Example development process
How API Gateway interacts with existing infrastructure
Overview
Databases
Anti virus
Operations and management
Network firewalls
Advantages over traditional application firewalls
Firewall modes
Application servers
Enterprise Service Buses
Similarities between API Gateways and ESBs
Differences between API Gateways and ESBs
Directories and user stores
Simple inline user store deployment
API Gateway in DMZ—LDAP in LAN
Split deployment between DMZ and LAN
Access control
Public Key Infrastructure
Registries and repositories
Software Configuration Managment
Manage an API Gateway domain
Configure an API Gateway domain
Overview
Managedomain script
Register a host in a domain
Create an API Gateway instance
Test the health of an API Gateway instance
Manage domain topology in API Gateway Manager
Overview
Manage API Gateway groups
Create an API Gateway group
Delete an API Gateway group
Lock an API Gateway group
Manage API Gateway instances
Create API Gateway instances
Delete API Gateway instances
Start API Gateway instances
Stop API Gateway instances
Edit API Gateway tags
Deploy API Gateway configuration
Deploy a deployment package
Deploy policy and environment packages
Configure Admin Node Manager high availability and security
Overview
Hierarchy of SSL certificates in a domain
How SSL certificates are generated for domain processes
External Certificate Authority
Add the first Admin Node Manager to the domain
Sign Admin Node Manager certificate with system-generated CA key
Sign Admin Node Manager certificate with user-provided CA key
Sign Admin Node Manager certificate with external CA
API Gateway as external CA
Additional certificate generation options
Add a Node Manager to the domain
Sign Node Manager certificate with system-generated CA key
Sign Node Manager certificate with user-provided CA key
Sign Node Manager certificate with external CA
Additional options
Add an API Gateway instance to the domain
Sign API Gateway instance certificate with system-generated CA key
Sign API Gateway instance certificate with user-provided CA key
Sign API Gateway instance certificate with external CA
Change a Node Manager to an Admin Node Manager
Sign Node Manager certificate with system-generated CA key
Sign Node Manager certificate with user-provided CA key
Sign Node Manager certificate with external CA
Regenerate all SSL certificates in a domain
Sign certificates in domain with system-generated CA key
Sign certificates in domain with user-provided CA key
Sign certificates in domain with external CA
Reset passphrase for CA private key
Change domain SSL certificate expiry date
Admin Node Manager backup and disaster recovery
Create backup Admin Node Manager for signing certificates
Set up Admin Node Manager for signing certificates from a backup .p12
Location of SSL private keys and certificates
Location of CA private key and certificate
Location of Node Manager private key and certificate
Location of API Gateway private key and certificate
Managedomain command reference
Overview
Managedomain command interpreter mode
View help for a command
Run a command
Managedomain interactive mode
Host Management
API Gateway Management
Group Management
Topology Management
Deployment
Domain SSL certificates
Managedomain command mode
Manage API Gateway operation
Start and stop the API Gateway
Overview
Set passphrases
Start the Node Manager
Start the API Gateway instance
Startup options
Connect to the API Gateway in Policy Studio
Stop the API Gateway instance
Stop the Node Manager
Start the API Gateway tools
Overview
Before you begin
Launch API Gateway Manager
Start Policy Studio
Run API Gateway as non-root on UNIX/Linux
Overview
Linux capabilities
Before you begin
Modify API Gateway file ownership
SSL accelerators for HSM
Set the CAP_NET_BIND capability on vshell
Install the libcap2 package if required
API Gateway appliance version 7.1.0 or later
Add API Gateway library locations
Create the ld.so.conf file
Run ldconfig
Modify the init.d script to use sudo
Modify the jvm.xml file
Restart the API Gateway
Run API Gateway as non-root on Solaris
Configure API Gateway high availability
Overview
HA in production environments
Load Balancing
Java Message System
File Transfer Protocol
Remote Hosts
Distributed caching
External Connections
Embedded Apache ActiveMQ
Embedded Apache Cassandra database
API Gateway backup and disaster recovery
Overview
Components that must be backed up
Back up API Gateway
Back up API Gateway Analytics
Back up databases and third-party systems
Disaster recovery plan and tests
Example of creating an API Gateway disaster recovery site
Back up the production environment
Copy to the disaster recovery site
Further Information
Manage API Gateway settings
Overview
General settings
Cache
MIME/DIME
Namespaces
HTTP session
Logging settings
Transaction Audit Log
Transaction Access Log
Transaction Event Log
Messaging settings
Monitoring settings
Real Time Monitoring
Traffic Monitor
Security settings
Security Service Module
Kerberos
Tivoli
Manage API Gateway security
Configure an API Gateway encryption passphrase
Overview
Configure the passphrase in Policy Studio
Enter the passphrase when you edit configuration in Policy Studio
Provide the passphrase in a configuration file or at startup
Enter the Node Manager passphrase in a configuration file
Enter the API Gateway passphrase in a configuration file
Prompt for the passphrase at server startup
Provide the passphrase automatically at startup using a script
Promotion between environments
Further information
Manage certificates and keys
Overview
View certificates and keys
Certificate management options
Configure an X.509 certificate
Create a certificate
Import certificates
Configure a private key
Private key stored locally
Private key provided by OpenSSL engine
Private key stored on external HSM
Configure HSMs and certificate realms
Manage HSMs with keystoreadmin
Use keystoreadmin in interactive mode
Step 1—Register an HSM provider
Step 2—Create a certificate realm and associated keystore
Step 3—Start the API Gateway when using an HSM
Start API Gateway with manually entered PIN passphrase
Start API Gateway with automatic PIN passphrase
Configure SSH key pairs
Add a key pair
Manage OpenSSH keys
Configure PGP key pairs
Add a PGP key pair
Manage PGP keys
Global import and export options
Import and export certificates and keys
Manage certificates in Java keystores
Further information
Generate a CSR and import the certificate and key
Overview
How are certificates and keys stored in API Gateway?
What is OpenSSL?
Step 1: Create a private key and CSR
Step 2: Submit the CSR to the CA
Step 3: Import the certificate and key into Policy Studio
Further information
Manage API firewalling
Overview
Configure API firewalling
Enable threat protection
Configure threat protection rules
Monitor API firewalling
Further information
Deploy API Gateway configuration
Manage API Gateway deployments
Overview
Connect to a server in Policy Studio
Edit a server configuration in Policy Studio
Manage deployments in API Gateway Manager
Compare and merge configurations in Policy Studio
Manage Admin users in API Gateway Manager
Configure policies in Policy Studio
Deploy API Gateway configuration
Overview
Create a package in Policy Studio
Configure package properties in Policy Studio
Deploy packages in Policy Studio
Deploy a factory configuration in Policy Studio
Deploy currently loaded configuration in Policy Studio
Push configuration to a group in Policy Studio
View deployment results in Policy Studio
Deploy on the command line
Deploy packages in API Gateway Manager
Monitoring and reporting
Monitor services in API Gateway Manager
Overview
Ensure monitoring is enabled
View real-time monitoring
View traffic monitoring
Filter message traffic
View message content
View performance statistics
Filter performance statistics
Detect malformed messages
Monitor real-time metrics
Configure dynamic trace, logging, and monitoring
Monitor and report on services with API Gateway Analytics
Redact sensitive data from API Gateway Manager
Overview
Redaction configuration
Enable redaction for an API Gateway
Redact HTTP message content
URL path matching
Supported HTTP features
Example: redact an HTTP Basic authorization header
Redact JSON message content
JSON redactor configuration
Example: redact OAuth message tokens from a JSON message
Redact XML message content
XML redactor configuration
Example: redact a WS-Security username token from a XML message
Redact HTML form message content
Redact raw message content
Example: redact credit card details from raw text
Redact sensitive data from log files
Configure API Gateway for API Gateway Analytics
Overview
Connect to the API Gateway in Policy Studio
Configure the metrics database connection
Configure transaction audit logging to the metrics database
Configure the API Gateway to write to the transaction event log
Deploy the updated configuration to the API Gateway
Configure the Node Manager to process event logs and update the metrics database
Use the managedomain interactive menu
Use the managedomain command options
Configure additional options for event log processing in the Node Manager
Further information
Monitoring and reporting with API Gateway Analytics
Overview
Launch API Gateway Analytics
Monitor the API Gateway system
Systems
System resources
Monitor API services, methods, and clients
Example: API service performance
Monitor remote hosts
Monitor protocols
Audit transactions
Schedule custom reports
Create reports in a monitoring view
Using the reports view
Further information
Configure scheduled report settings
Overview
Database configuration
Scheduled reports configuration
SMTP configuration
Purge the metrics database
Overview
Run the dbpurger command
Example commands
Troubleshoot your API Gateway installation
Configure API Gateway logging and events
API Gateway logs and events
Domain management and diagnostics
Message transactions
Events and alerts
Configure audit logs per domain
View in API Gateway Manager
View the domain audit log file
Redact domain audit log output
Domain audit rule syntax
Configure transaction audit log destinations
Configure transaction audit logs per filter
Message payload logging
Configure transaction event logs per API Gateway
Configure transaction access logs per path
Manage API Gateway events and alerts
Configure dynamic trace and log settings
Further information
Configure API Gateway diagnostic trace
Overview
View API Gateway trace files
Set API Gateway trace levels
Configure API Gateway trace files
Run trace at DEBUG level
Run trace at DATA level
Integrate trace output with Apache log4J
Get help with API Gateway
API Gateway performance tuning
Overview
General performance tuning
Minimize tracing
Disable real-time monitoring
Disable traffic monitoring
Disable transaction logging
Disable Access logging
Advanced performance tuning
Configure spill to disk
Configure database pooling
Configure HTTP keep alive
Configure chunked encoding
Single test client and sever
JVM memory
Number of client threads on Linux
Multiple connection filters
Manage user access
Manage API Gateway users
Overview
API Gateway users
Add API Gateway users
API Gateway user attributes
API Gateway user groups
Add API Gateway user groups
Update API Gateway users or groups
Manage Admin users
Overview
Admin user privileges
Admin user roles
Add a new Admin user
Remove an Admin user
Reset an Admin user password
Manage Admin user roles
Configure Role-Based Access Control (RBAC)
Overview
Local admin user store
Admin user password storage algorithm
Configure an LDAP repository to store credentials
RBAC Access Control List
Configure RBAC users and roles
Management service roles and permissions
Active Directory for authentication and RBAC of management services
Overview
Step 1: create an Active Directory group
Step 2: create an Active Directory user
Step 3: create an LDAP connection
Step 4: create an LDAP repository
Step 5: create a test policy for LDAP authentication and RBAC
Step 6: use the LDAP policy to protect management services
Add an LDAP user with limited access to management services
OpenLDAP for authentication and RBAC of management services
Overview
Step 1: create an OpenLDAP group for RBAC roles
Step 2: add RBAC roles to the OpenLDAP RBAC group
Step 3: add users to the OpenLDAP RBAC group
Step 4: create an LDAP connection
Step 5: create an OpenLDAP repository
Step 6: create a test policy for LDAP authentication and RBAC
Step 7: use the OpenLDAP policy to protect management services
Manage network-level settings
Configure a DNS service with wildcards for virtual hosting
Overview
DNS workflow
BIND DNS software
Configure a wildcard domain
Configure DNS options
Configure default zones
Configure logging
Configure a wildcard domain
Configure domain zone files
Manage ActiveMQ messaging
Manage embedded ActiveMQ messaging
Overview
Manage messaging queues
Manage messages in a queue
Create a new message
View message contents
Manage messaging topics
Manage messaging subscribers
Create a new subscriber
Manage messaging consumers
API Gateway settings reference
General settings
Overview
Settings
MIME/DIME settings
Overview
Configuration
Namespace settings
Overview
SOAP Namespace
Signature ID Attribute
WSSE Namespace
HTTP Session settings
Overview
Configuration
Transaction audit log settings
Overview
Configure log output
Log to Text File
Log to XML File
Log to Database
Log to Local Syslog
Log to Remote Syslog
Log to System Console
Transaction access log settings
Overview
Access log format
Configure the access log
Redact sensitive details from the access log
Transaction event log settings
Overview
Transaction event log formats
Event log header entries
Event log system entries
Event log transaction entries
Configure the transaction event log
Embedded ActiveMQ settings
Overview
General messaging settings
SSL settings
Authentication settings
Traffic monitoring settings
Overview
Configuration
Real-time monitoring metrics
Overview
Enable monitoring
Configure real-time metrics
Search
Search Highlighter (On/Off)