Chris Phillips’ Blog - API, Integration and Governance

The IBM Developer Portal is essential for socialising your APIs to external consumers. In order to do this it must be accessible outside of your Internal Network. It is not good practice to deploy the Developer Portal directly in your DMZ and grant users direct access. The De-Militarised Zone (DMZ) is designed to be a hostile, barren place for attackers; software deployed there should have minimal function, deployed on a hardened platform, and be designed for DMZ deployment. With this in mind, we suggest that that a reverse proxy should be deployed in your DMZ, which forwards requests to the Developer Portal, and the Developer Portal should in turn be deployed in a separate secure zone designed for servers (not directly on your internal lan!). One option for a reverse proxy implementation would be to use IBM DataPower, which has facilities to provide a reverse proxy within its WAF capabilities. This article will explain how to configure a WAF as a Reverse Proxy for the Developer Portal on a Physical, Linux-based or Virtual DataPower. This can also be done with DataPower in Kubernetes but the configuration needs to be placed in a ConfigMap and that will be not be covered by these instructions.

A request will come from the Web Browser into IBM DataPower, and this will then be forwarded to the Developer Portal pods, using the same URL all the way through.

This is not announcement, all these dates have been already announced by IBM but I am posting this to highlight. I have shared links to where the information is available. Please confirm all information with your IBM rep if you have any concerns. Please note any changes to the information may not be updated on this blog so look at the provided links for the up to date information.

1. API Connect 10.0.5, - End of support 30th June 2025 - https://www.ibm.com/support/pages/node/565445
2. IBM Cloud Pak for Integration v2022.2.1 ** - End of support **31st December 2024 - This includes the capablities installed inside of it even if those stand alone capabilities are still in support. - https://www.ibm.com/support/pages/node/6593109

I am often asked if there is a way we can limit the range of IPs that we accept calling an API Gateway. This can be done with a GlobalPolicy and a little GatewayScript.

Amit Kumar Singh from my team built some GatewayScript that will do this check.

This article will explain how to enable Open Telemetry on API Connect 10.0.8.0 with DataPower 10.6.0.1. In order to apply these settings today, a GW extension must be used. This article will explain the steps to build the gateway extension.

Thanks to Zach Groseclose and Ben Stern for assisting with this.

For an introduction to OpenTelemetry please refer to our previous article on OpenTelemetry for AppConnect https://chrisphillips-cminion.github.io/ace/2024/04/22/ACE-Otel.html

For the last year a small team and I have been updating the API Connect WhitePaper to cover changes between 10.0.1 and 10.0.8.

The previous versions of this WhitePaper have assisted clients, IBMers and Business Partners from around the world deploying and understanding IBM API Connect.

For this release we have changed our approach to deployment patterns to ensure that we could accurately show the flexibility of the product while at the same time provide a clear cookbook of options.

Our intention is not to make our audience wait another 2.5 years for the next version, we are intending to update this every few months as new function is provided that makes sense for us to include.

To download a copy please head over to IBM Communities.

https://community.ibm.com/community/user/integration/viewdocument/ibm-api-connect-v1008x-deploymen?CommunityKey=2106cca0-a9f9-45c6-9b28-01a28f4ce947

A client asked how they can make two invokes in API Connect asynchronous. This is not possible with the invoke policies as they must always be synchronous. However it can be done with JavaScript/GatewayScript.

When using the rate limit policy on the Assembly you need to first create a rate limit in datpower in the API Gateway object. This must be done via a GatewayExtension to stop the policy being removed when a publish request is done from API Connect.

This article will show you to create the rate limit objects in DataPower using a gateway extension.

We will create a rate limit called chrisblog-ratelimit that can be referenced from a rate limit policy.

While testing disaster recovery it is advisable to take offline the primary API Manager. This instructions will cover OpenShift and Kubernetes.

Setting a downstream proxy is often a requirement when API Connect needs to make calls to the invoke downstream services on the internet.