When you install Flex Gateway in connected mode, you can view your gateways, your API instances, and policy configurations in API Manager. Once you have installed, registered, and started your gateway in connected mode, you can now secure your APIs from API Manager.
In this tutorial, you’ll learn how to:
1 - Log in to Anypoint Platform and navigate to API Manager. You can access it through the menu button on the top left of the screen. Click on Add API > Add new API.
2 - Select the Flex Gateway runtime and select the target gateway you created in the previous tutorial (link in the prerequisites). Click on Next.
3 - Let’s create a new API to see the steps and configuration needed from Exchange. Select the Create new API option. Add the name of the API you want to create in Exchange. For example, JSONPlaceholder
. Select HTTP API as the asset type and click on Next.
4 - Add the Implementation URI so the gateway knows which URI to use for this API. In our case, let’s add the following:
https://jsonplaceholder.typicode.com/
You can leave all the defaults and click on Next.
5 - Review all your details and click Save & Deploy.
6 - You should now have a new API with an Active status.
We finished the setup to connect our Flex Gateway (Runtime Manager/local) to the API we just created in Exchange (from API Manager). Now we need to test this connection.
1 - Go to your command line or your REST Client and make a call to the following URL. This is only to verify the original API’s URL is working before we try to hit it from the gateway.
URL:
https://jsonplaceholder.typicode.com/users/1
curl command:
1
curl https://jsonplaceholder.typicode.com/users/1
Postman:
2 - Now let’s call the same endpoint but now from the gateway in our local machine.
URL:
http://localhost:8081/users/1
curl command:
1
curl http://localhost:8081/users/1
Postman:
We have verified we are connected to the API through our gateway.
If you run the curl command with the -v
argument, you will be able to see at least one envoy
header being returned in the response. The gateway adds this. You can also see it in Postman from the Headers tab in the response section.
Now that we know our gateway is connected to the API, let’s do some changes from API Manager to see them reflected almost immediately.
1 - In API Manager, make sure you are located inside the API we just created. Click on the Settings tab from the left and scroll down until you see the Runtime & Endpoint Configuration option. Click on it to reveal the configuration.
2 - Change the Base Path to be /api
and make sure the Implementation URI doesn’t end in /
. Click on Save & Apply.
You won’t be able to send requests to the previous URI in a couple of seconds (or in less than a second). The base path now has to include /api
. Use the following URL to make calls from curl or Postman. You should receive the same response as before.
New URL:
http://localhost:8081/api/users/1
Postman sometimes caches the response. If you do not see changes after a while, try using curl or your browser instead.
Now let’s see how to apply some policies to our gateway. Still inside your API in API Manager, select the Policies tab from the left side of the screen.
After you click on Add policy, all the predefined policies will be listed here. You can search by policy name or browse by category.
1 - To apply the basic authentication policy, select it from the security category and click on Next.
2 - Add any values you want to set up. In our case, let’s add the following values:
User Name | foo |
User Password | bar |
Leave the rest of the options with the default values and click Apply.
3 - You won’t be able to send requests to the previous URI. The request now has to include this basic auth. Once you add the credentials to the request, you should receive the same response as before.
curl command:
1
curl -u foo:bar http://localhost:8081/api/users/1
Postman:
From Postman, click on View > Toggle Two-Pane View to see your request on the left side of the screen and your response on the right side.
1 - Click on Add policy to add an additional policy to our current API. Select the Rate Limiting policy from the quality of service category. Click on Next.
2 - Add any values you want to set up. In our case, let’s add the following values for testing purposes:
Number of Requests | 5 |
Time Period | 10 |
Time Unit | Second |
Expose Headers | True ✅ |
Leave the rest of the options with the default values and click Apply.
3 - You can try to send several requests from Postman and you’ll eventually get a 429 Too Many Requests status code. You can take a look at the response headers to see the 3 rate-limiting headers and their values.
If you’re using curl, you can use the following command to send one request per second until you get the “Too many requests” response. This is helpful to visualize the response headers easier.
1
while true ; do curl -v -u foo:bar http://localhost:8081/api/users/1 ; sleep 1 ; done
In this tutorial, you learned how to:
Remember to visit our other Flex Gateway tutorials to learn how to install it in different deployment options: in local mode, as a Linux service, or as a Kubernetes ingress controller. You can find the list of other Flex Gateway tutorials here.
Try Anypoint Platform for free
Start free trial