
Secure your APIs with Anypoint Flex Gateway in connected mode (API Manager)


When you install Flex Gateway in connected mode, you can view your gateways, your API instances, and policy configurations in API Manager. Once you have installed, registered, and started your gateway in connected mode, you can secure your APIs from API Manager.

In this tutorial, you’ll learn how to:

  • Add a new API in API Manager
  • Test that the gateway is correctly configured with our REST API
  • Change the base path to call the API
  • Apply a basic authentication policy to the API
  • Apply a rate-limiting policy to the API


Prerequisites

Add a new API in API Manager

1 - Log in to Anypoint Platform and navigate to API Manager. You can access it through the menu button on the top left of the screen. Click on Add API > Add new API.

API Manager > Add API > Add new API

2 - Select the Flex Gateway runtime and select the target gateway you created in the previous tutorial (link in the prerequisites). Click on Next.

API Manager > Add API > Runtime

3 - Let’s create a new API to see the steps and configuration needed from Exchange. Select the Create new API option. Add the name of the API you want to create in Exchange. For example, JSONPlaceholder. Select HTTP API as the asset type and click on Next.

API Manager > Add API > API

4 - Add the Implementation URI so the gateway knows which URI to use for this API. In our case, let’s add the following:

https://jsonplaceholder.typicode.com

5a - If you’re running Flex Gateway as a Docker container or as a Linux service, you can leave all the defaults and click on Next.


5b - If you’re running Flex Gateway as a Kubernetes Ingress Controller, click on Advanced options and change the port to 80. Click on Next.

We’re using port 80 because that’s the port associated with HTTP. You can verify the port for your configuration by running kubectl get services --namespace gateway.


6 - Review all your details and click Save & Deploy.

API Manager > Add API > Review

7 - You should now have a new API with an Active status.

API Manager > Settings

Test the gateway

We finished the setup to connect our Flex Gateway (Runtime Manager) to the API we just created in Exchange (from API Manager). Now we need to test this connection.

1 - Go to your command line or your REST Client and make a call to the following URL. This is only to verify the original API’s URL is working before we try to hit it from the gateway.

URL:

https://jsonplaceholder.typicode.com/users/1

curl command:

curl https://jsonplaceholder.typicode.com/users/1

Postman:

Postman

Now let’s see which URL we need to use to call the API through our newly set up Flex Gateway. We should use the Flex Gateway’s host and port, like so: http://<host>:<port>/users/1.

2a - If you installed it as a Docker container or as a Linux service on your local machine, you can use localhost and port 8081.

http://localhost:8081/users/1

2b - If you installed it as a Kubernetes Ingress Controller, you can use the following command to get the external IP (or public host) and HTTP port.

Command:

kubectl get services --namespace gateway

Output:

NAME      TYPE           CLUSTER-IP       EXTERNAL-IP                         PORT(S)                      AGE
ingress   LoadBalancer   172.21.104.120   550f1-279.us-west-1.amazonaws.com   80:30253/TCP,443:30270/TCP   4m23s

In this case, we should use the following URL:

http://550f1-279.us-west-1.amazonaws.com:80/users/1

3 - Once you know which URL you need to use, call it using either curl or Postman. The response should be the same one you get when calling the API directly.

{
  "id": 1,
  "name": "Leanne Graham",
  "username": "Bret",
  "email": "Sincere@april.biz",
  "address": {
    "street": "Kulas Light",
    "suite": "Apt. 556",
    "city": "Gwenborough",
    "zipcode": "92998-3874",
    "geo": {
      "lat": "-37.3159",
      "lng": "81.1496"
    }
  },
  "phone": "1-770-736-8031 x56442",
  "website": "hildegard.org",
  "company": {
    "name": "Romaguera-Crona",
    "catchPhrase": "Multi-layered client-server neural-net",
    "bs": "harness real-time e-markets"
  }
}

We have verified we are connected to the API through our gateway. You will use this host and port from now on for the rest of the tutorial.

Make sure the port you use in the URL matches the one you set up in API Manager.

If you run the curl command with the -v argument (for example, curl -v <URL>), you will see at least one envoy header in the response. The gateway adds this header. You can also see it in Postman from the Headers tab in the response section.

Change the base path

Now that we know our gateway is connected to the API, let’s make some changes from API Manager and see them reflected almost immediately.

1 - In API Manager, make sure you are located inside the API we just created. Click on the Settings tab from the left and scroll down until you see the Runtime & Endpoint Configuration option. Click on it to reveal the configuration.

API Manager > Settings > Runtime & Endpoint Configuration

2 - Change the Base Path to be /api and make sure the Implementation URI doesn’t end in /. Click on Save & Apply.

API Manager > Settings > Runtime & Endpoint Configuration settings

3 - Within a couple of seconds (or in less than a second), you will no longer be able to send requests to the previous URI. The base path now has to include /api. Use curl or Postman to test the new URI. You should receive the same response as before. For example:

Before:

http://localhost:8081/users/1

After:

http://localhost:8081/api/users/1

Postman sometimes caches the response. If you do not see changes after a while, try using curl or your browser instead.

Apply a basic authentication policy

Now let’s see how to apply some policies to our gateway. Still inside your API in API Manager, select the Policies tab from the left side of the screen.

API Manager > Policies

After you click on Add policy, all the predefined policies will be listed here. You can search by policy name or browse by category.

API Manager > Add policy

1 - To apply the basic authentication policy, select it from the security category and click on Next.

API Manager > Add policy > basic auth

2 - Add any values you want to set up. In our case, let’s add the following values:

User Name foo
User Password bar

Leave the rest of the options with the default values and click Apply.

API Manager > Add policy > basic auth > configuration

3 - You won’t be able to send requests to the previous URI without credentials. The request must now include the basic authentication credentials. Once you add them to the request, you should receive the same response as before. For example:

curl command:

curl -u foo:bar http://localhost:8081/api/users/1

Postman:

API Manager > Add policy > basic auth > configuration

From Postman, click on View > Toggle Two-Pane View to see your request on the left side of the screen and your response on the right side.

Apply a rate-limiting policy

1 - Click on Add policy to add an additional policy to our current API. Select the Rate Limiting policy from the quality of service category. Click on Next.

API Manager > Add policy

2 - Add any values you want to set up. In our case, let’s add the following values for testing purposes:

Number of Requests 5
Time Period 10
Time Unit Second
Expose Headers True ✅

Leave the rest of the options with the default values and click Apply.

API Manager > Add policy > rate limiting

3a - You can try to send several requests from Postman and you’ll eventually get a 429 Too Many Requests status code. You can take a look at the response headers to see the 3 rate-limiting headers and their values.

Postman

3b - If you’re using curl, you can use the following command to send one request per second until you get the "Too many requests" response. This makes the response headers easier to see. Make sure to replace the given URI example with your own.

while true ; do curl -v -u foo:bar http://localhost:8081/api/users/1 ; sleep 1 ; done

Terminal
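
A scripted version of the manual checks from the two policy sections above, as an added example that is not part of the original tutorial: it asserts that the gateway rejects missing or wrong credentials and throttles a burst beyond the configured limit. The 401 status for rejected credentials, the --run switch and the function names are assumptions of this example; the URL, the foo:bar credentials and the limit of 5 requests per 10 seconds are the tutorial's values.

```shell
#!/bin/sh
# Added example, not from the tutorial: smoke-test both policies.
# Usage: sh check_policies.sh --run   (the file name is hypothetical)
# Note: curl -u foo:bar sends "Authorization: Basic Zm9vOmJhcg==", which is
# base64 and not encryption, so use an HTTPS listener outside a local lab.
GATEWAY_URL="${GATEWAY_URL:-http://localhost:8081/api/users/1}"

# Print only the HTTP status code; extra arguments are passed to curl.
# curl prints 000 when the gateway cannot be reached.
status_of() {
  curl -s -o /dev/null -w '%{http_code}' "$@" "$GATEWAY_URL"
}

# Basic auth must reject missing and wrong credentials (401 assumed here)
# and accept the configured ones.
check_basic_auth() {
  [ "$(status_of)" = "401" ] ||
    { echo "FAIL: request without credentials was not rejected"; return 1; }
  [ "$(status_of -u foo:wrong)" = "401" ] ||
    { echo "FAIL: wrong password was not rejected"; return 1; }
  [ "$(status_of -u foo:bar)" = "200" ] ||
    { echo "FAIL: valid credentials were rejected"; return 1; }
  echo "basic-auth: ok"
}

# Send $1 authenticated requests back to back; print how many returned 429.
count_throttled() {
  n=$1
  throttled=0
  while [ "$n" -gt 0 ]; do
    [ "$(status_of -u foo:bar)" = "429" ] && throttled=$((throttled + 1))
    n=$((n - 1))
  done
  echo "$throttled"
}

if [ "${1:-}" = "--run" ]; then
  check_basic_auth || exit 1
  sleep 10  # let the 10-second window reset before sending the burst
  t=$(count_throttled 8)
  # With 5 requests allowed per window, a burst of 8 should be partly throttled.
  [ "$t" -ge 1 ] || { echo "FAIL: rate limit not enforced"; exit 1; }
  echo "rate-limit: ok ($t of 8 requests throttled)"
fi
```

A non-zero exit status means one of the policies is not being enforced at the URL under test, which makes the script usable as a post-deployment check.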

Next Steps

In this tutorial, you learned how to:

  • Add a new API in API Manager
  • Test that the gateway was correctly configured with our REST API
  • Change the base path to call the API
  • Apply a basic authentication policy to the API
  • Apply a rate-limiting policy to the API

Remember to visit our other Flex Gateway tutorials to learn how to install it in different deployment options: in local mode, as a Linux service, as a Docker container, or as a Kubernetes ingress controller. You can find the list of other Flex Gateway tutorials here.
