Happy Goat for Life! Chris Phillips' Blog - API, Integration and Governance SME and Enthusiast

VS Code Alias

I have been a vim user for 25years of my 40year life it is my primary editor. I started using Atom along side it five years ago. I am playfully being mocked and so I am starting to learn VSCode.

I use terminals to navigate my filesystem and some one of the things I liked was that i could just type vim filename and i can edit a file, or atom . and load the directory in Atom.

EDIT - Of course within 10mins of publishing this article I have been told there is a native way of doing this

https://chrisphillips-cminion.github.io/images/vscode-wca2.png

Control+Shift+P and select Install 'code' command in PATH

However I am going to keep using the alias for now.


API CONNECT

Upcoming Events

Over the next two weeks I will take to the stage four times, three in person, only one virtually.

Tonight (15th) and Tomorrow (16th), I will be joining my daughter’s dance show as part of the BB Dads with Blue Butterfly Studios delivering Top Dads. This is the first time I have appeared on stage to dance….

I will be delivering my - Why you should own an internal platform for your External AI and SaaS Providers at

  • Wednesday 19th March - IBM TechConnect
  • Thursday 27th March - SRE Days London


API CONNECT

Circuit Breaker in API Connect

This is an update to a previous article. The changes are the samples and examples.

A Circuit breaker pattern is becoming a common pattern for remote calls today. The purpose of the circuit breaker is to detect when a series of errors are returned and block traffic for a time period, thus giving the backend system time to recover.



Accessing the IBM DataPower Command Line Interface (CLI) in a container
Guest Post by Chris Phillips Ivan Heninger

When accessing IBM DataPower in a container we recommend it is accessed via the CLI. However, if there is a lot of traffic in the IBM DataPower this can make it difficult to follow as the log messages are sent to the screen.


API CONNECT

SRE Days London 2025
Guest Post by Chris Phillips Simon Kapadia

I’m excited to be speaking at SREday London 2025 Q1! Join us on March 27-28 for two days of amazing talks and networking!

DMZ Flow

Register here: https://sreday.com/2025-london-q1/ Don’t forget to use the code LDN10 for 10% off!

This session will explore how platform teams can productize external AI and SaaS providers, giving businesses greater flexibility, control, and security over their external services. We’ll cover best practices for managing APIs and improving resilience.

See you there!


API CONNECT

API Authorization when using Third Party oAuth Providers in APIC
Guest Post by Chris Phillips Simon Kapadia

API Connect has the facility to use third party oAuth providers. This means that you can use nearly any oAuth security provider to secure APIs providing it can be reached by the API Gateway.

This is great for Authentication however for Authorization this leads to a number of options that need to be considered.

Definitions • Authentication - is validating the user is who they say they are • Authorization – is validating they have permissions to do what they are requesting


API CONNECT

Building a Reverse Proxy for the IBM Developer Portal with IBM DataPower
Guest Post by Chris Phillips Simon Kapadia

The IBM Developer Portal is essential for socialising your APIs to external consumers. In order to do this it must be accessible outside of your Internal Network. It is not good practice to deploy the Developer Portal directly in your DMZ and grant users direct access. The De-Militarised Zone (DMZ) is designed to be a hostile, barren place for attackers; software deployed there should have minimal function, deployed on a hardened platform, and be designed for DMZ deployment. With this in mind, we suggest that that a reverse proxy should be deployed in your DMZ, which forwards requests to the Developer Portal, and the Developer Portal should in turn be deployed in a separate secure zone designed for servers (not directly on your internal lan!). One option for a reverse proxy implementation would be to use IBM DataPower, which has facilities to provide a reverse proxy within its WAF capabilities. This article will explain how to configure a WAF as a Reverse Proxy for the Developer Portal on a Physical, Linux-based or Virtual DataPower. This can also be done with DataPower in Kubernetes but the configuration needs to be placed in a ConfigMap and that will be not be covered by these instructions.

DMZ Flow

A request will come from the Web Browser into IBM DataPower, and this will then be forwarded to the Developer Portal pods, using the same URL all the way through.


API CONNECT

Dates for your Diary
Guest Post by Chris Phillips

This is not announcement, all these dates have been already announced by IBM but I am posting this to highlight. I have shared links to where the information is available. Please confirm all information with your IBM rep if you have any concerns. Please note any changes to the information may not be updated on this blog so look at the provided links for the up to date information.

  1. API Connect 10.0.5, - End of support 30th June 2025 - https://www.ibm.com/support/pages/node/565445
  2. IBM Cloud Pak for Integration v2022.2.1 ** - End of support **31st December 2024 - This includes the capablities installed inside of it even if those stand alone capabilities are still in support. - https://www.ibm.com/support/pages/node/6593109


API CONNECT

API Connect - Filtering requests by source IP with the API Gateway.
Guest Post by Chris Phillips Amit Kumar Singh

I am often asked if there is a way we can limit the range of IPs that we accept calling an API Gateway. This can be done with a GlobalPolicy and a little GatewayScript.

Amit Kumar Singh from my team built some GatewayScript that will do this check.


API CONNECT

API Connect and OpenTelemetry
Guest Post by Amit Kumar Singh Chris Phillips

This article will explain how to enable Open Telemetry on API Connect 10.0.8.0 with DataPower 10.6.0.1. In order to apply these settings today, a GW extension must be used. This article will explain the steps to build the gateway extension.

Thanks to Zach Groseclose and Ben Stern for assisting with this.

For an introduction to OpenTelemetry please refer to our previous article on OpenTelemetry for AppConnect https://chrisphillips-cminion.github.io/ace/2024/04/22/ACE-Otel.html


Subscribe