Configure API management settings in Policy Studio

Policy Studio enables you to configure a range of settings that apply to API Manager and the underlying API Gateway. In the Policy Studio tree, select Server Settings > API Manager to configure the settings described in this topic.

Note

When finished your updates, remember to click Apply Changes at the bottom of the screen, and to click Deploy in the toolbar.

Alerts

The Alerts settings enable you to configure runtime alerts, which call specified policies to handle the alert event. For example, the policy might send an email to an interested party, or forward the alert to an external notification system. Sample policies are provided as a starting point for custom development.

You can enable or disable alerts in the API Manager web interface. You can change the policy that is executed when an alert is generated on this screen. For more details, see API management alerts.

API Listeners

The API Listeners settings enable you to configure API Gateway listeners to service API Manager-registered APIs. Defaults to Portal Listener.

Note This screen only displays listeners that do not have a relative path resolver on the / relative path. For more details on API Gateway listeners, relative paths, and resolvers, see the API Gateway Policy Developer Guide.

API Promotion

The API Promotion settings enable you to configure an optional policy that is invoked when APIs registered in API Manager are promoted between environments (for example, from a test or sandbox environment to a live production environment).

To select a promotion policy, click the browse button on the right, and select a preconfigured policy in the dialog. By default, no API promotion policy is selected. For details on how to create polices, see the API Gateway Policy Developer Guide. For more details on API promotion, see Promote managed APIs.

Identity Provider

The Identity Provider settings enable you to integrate API Manager with a wide range of external user repositories. For example, this includes third-party identity providers such as Apache Directory, OpenLDAP, Microsoft Active Directory, and so on. To enable integration, select Use external identity provider, and configure the following set of custom policies:

Account authentication policy:
Click the browse button, and select the required authentication policy that is invoked whenever a user tries to log in to API Manager. This setting is mandatory.
Account information policy:
Click the browse button, and select the required information policy that is invoked on first login to seed the user profile in API Manager. This setting is mandatory. For more details, see Configure external identity providers.
Account creation success (optional):
Click the browse button, and select an optional policy that is invoked when a new user has been registered with API Manager.
Account creation failure (optional):
Click the browse button, and select an optional policy that is invoked when an attempt to register a new account with API Manager has failed.

API Manager provides sample external identity provider configuration. For more details, see Configure external identity providers.

Note

The Identity Provider settings are used only to configure integration of API Manager with external user repositories. All other API Manager data is stored using a Key Property Store (KPS) in an Apache Cassandra cluster. For more details, see the API Gateway Key Property Store User Guide.

Monitoring

The Monitoring settings allow you to configure monitoring metrics in API Manager:

Enable monitoring:
Select whether to enable monitoring metrics displayed on the Monitoring tab in API Manager. Monitoring is enabled by default.
Use the following database:
Click the browse button to configure the connection to the database that stores the monitoring metrics.

For more details on monitoring, see Administer APIs in API Manager.

OAuth Token Information Policies

The OAuth Token Information Policies setting enable you to configure optional policies used by external OAuth security devices in API Manager. These include custom policies used to obtain and extract token information from external OAuth providers. By default, no policies are configured.

For more details, see the following:

Virtualize REST APIs in API Manager explains how to configure security devices
API Gateway OAuth User Guide provides more details on OAuth
API Gateway Policy Developer Guide explains how to create policies

OAuth Token Stores

The OAuth Token Stores settings enable you to configure OAuth token stores for the OAuth security devices used by API Manager-registered APIs. Click Add to configure an OAuth access token store. To add a store, right-click Access Token Stores, and select Add Access Token Store. Defaults to OAuth Access Token Cache.

For more details on OAuth, see the API Gateway OAuth User Guide.

Quota Settings

The Quota Settings enable you to configure how quota information is stored. Quotas enable you to manage the maximum message traffic rate that can be sent by applications to APIs. For more details on quotas, see Administer APIs in API Manager. You can configure the following settings:

Send warning if API usage reaches:
Enter the % of System Quota and % of Application Quota that must be reached before warnings are sent to the API administrator. Both API usage values default to 80 per cent.
Where to store data:
Select In Cassandra, for time windows above or In memory only. This setting defaults to In Cassandra, for time windows above 30 seconds. In this case, if the API administrator configures a quota in API Manager with a time window below 30 seconds, the data is stored in memory instead of Cassandra. Alternatively, to never use Cassandra, select In memory only to store data in memory in all cases. For details on configuring quota key space in Cassandra, see the API Gateway Key Property Store User Guide available from Oracle Support.
Cassandra consistency levels:
When In Cassandra, for time windows above is selected, you can configure Read and Write consistency levels for the Cassandra database. These settings control how up-to-date and synchronized a row of data is on all of its replicas. The default Read setting of ONE means that the database returns a response from the closest replica. The default Write setting of ONE means that a write must be written to the commit log and memory table of at least one replica node. For more details, see http://www.datastax.com/docs/0.8/dml/data_consistency.

Inbound Security Policies

The Inbound Security Policies settings enable you to configure the custom security policies that can be applied to APIs registered in API Manager. These policies enable you to perform custom policy-based authentication on front-end APIs.

API Manager provides a number of built-in authentication policies to secure APIs (for example, API keys and OAuth 2.0), which you can select when creating front-end APIs. You can extend the built-in authentication policies with custom authentication policies that have been developed in Policy Studio.

For example, a custom policy could use CA SiteMinder to authenticate client application requests to APIs. In addition, custom authentication policies can specify a message that is displayed in the API Catalog informing application developers of the authentication mechanism to use when accessing the API.

To configure your custom inbound security policies, click Add, and select the appropriate policies in the dialog. The configured polices are added to the list.

Note Inbound security policies must set the authentication.subject.id message attribute to match the client ID set in the external credentials of the application.

For details on how to create polices, see the API Gateway Policy Developer Guide.

For details on applying inbound security policies to front-end APIs, see Virtualize REST APIs in API Manager

Request Policies

The Request Policies settings enable you to configure optional request processing policies for virtualized APIs in API Manager. For example, you could use the configured policies to check request messages for authentication or authorization. To configure request policies, click Add, and select policies in the dialog. By default, no request policies are configured.

Note

Request Policies, Response Policies, and Routing Policies apply to APIs registered using the API Manager, and do not apply to policies registered using Policy Studio. These policies enable policy developers to implement enterprise-specific request policies in Policy Studio that can be applied to multiple APIs in API Manager.

For details on how to create polices, see the API Gateway Policy Developer Guide.

Response Policies

The Response Policies settings enable you to configure optional response processing policies for virtualized APIs in API Manager. For example, you could use the configured policies to validate or transform outbound response messages. To configure response policies, click Add, and select policies in the dialog. By default, no response policies are configured.

For details on how to create polices, see the API Gateway Policy Developer Guide.

Routing Policies

The Routing Policies settings enable you to configure custom routing policies for virtualized APIs in API Manager. For example, you could use the configured policies to route to a back-end JMS service. To configure routing policies, click Add, and select policies in the dialog. By default, no routing policies are configured, and the default URL-based routing policy is used.

For details on how to create polices, see the API Gateway Policy Developer Guide.

SMTP Server

Under SMTP Server settings, to send emails (for example, for user registration or client application approval), you must configure an STMP server for API Manager in the Policy Studio. The default setting is Portal SMTP server on localhost.

Note

You must ensure that API Manager is configured with the SMTP server used by your organization to generate emails for user registration or client application approval.

For example, to configure your SMTP server, perform the following steps:

Click the browse button on the on the right of the SMTP Server field.
Right-click Portal SMTP, and select Edit.
Complete the SMTP settings in the dialog. The following example settings use the Gmail SMTP server:
- Name: Name for your SMTP server (for example, Acme Portal SMTP Server).
- SMTP Server Hostname: Hostname of your SMTP server (for example, smtp.gmail.com).
- Port: SMTP server port number (for example, 465).
- User Name: Your email user name (for example, joe.bloggs@gmail.com).
- Password: Your email password.

For more details on SMTP configuration, see the API Gateway Policy Developer Guide.

Note

When finished updating your API Manager configuration, remember to click Apply Changes at the bottom of the window, and then Deploy in the toolbar.

API Manager in network protected by HTTP proxy

If you are using API Manager in a network protected by an HTTP proxy that requires authentication, you must perform some additional configuration steps.

Configure a proxy server

For API Manager to connect to the back-end API through a proxy, the routing policy used must be configured with a proxy server. For example, perform the following steps:

In the Policy Studio tree, select Policies > Generated Policies > REST APIs > Templates > Default URL-based Routing.
Double-click the Connect to URL filter to edit it, and select the Settings tab.
Select Proxy > Send via proxy.
In the Proxy Server field, browse to the configured proxy server. If a proxy server has not already been configured, right-click Proxy Servers, and select Add a Proxy Server. For more details, see the API Gateway Policy Developer Guide.
Click Deploy in the toolbar to deploy the updated configuration.

Update the JVM settings

The following JVM setting is also required when importing the API in API Manager. This is because API Manager uses Java to download the API:

<ConfigurationFragment>

   <VMArg name="-Dhttp.proxyHost=IP_ADDRESS" />

   <VMArg name="-Dhttp.proxyPort=1234" />

   <VMArg name="-Dhttp.nonProxyHosts=localhost|127.0.0.1" />

   <VMArg name="-Dhttp.proxyUser=some_name" />

   <VMArg name="-Dhttp.proxyPassword=some_password" />

</ConfigurationFragment>