Chris Phillips’ Blog - API, Integration and Governance

I have been a vim user for 25years of my 40year life it is my primary editor. I started using Atom along side it five years ago. I am playfully being mocked and so I am starting to learn VSCode.

I use terminals to navigate my filesystem and some one of the things I liked was that i could just type vim filename and i can edit a file, or atom . and load the directory in Atom.

EDIT - Of course within 10mins of publishing this article I have been told there is a native way of doing this

Control+Shift+P and select Install 'code' command in PATH

However I am going to keep using the alias for now.

Over the next two weeks I will take to the stage four times, three in person, only one virtually.

Tonight (15th) and Tomorrow (16th), I will be joining my daughter’s dance show as part of the BB Dads with Blue Butterfly Studios delivering Top Dads. This is the first time I have appeared on stage to dance….

I will be delivering my - Why you should own an internal platform for your External AI and SaaS Providers at

• Wednesday 19th March - IBM TechConnect
• Thursday 27th March - SRE Days London

This is an update to a previous article. The changes are the samples and examples.

A Circuit breaker pattern is becoming a common pattern for remote calls today. The purpose of the circuit breaker is to detect when a series of errors are returned and block traffic for a time period, thus giving the backend system time to recover.

When accessing IBM DataPower in a container we recommend it is accessed via the CLI. However, if there is a lot of traffic in the IBM DataPower this can make it difficult to follow as the log messages are sent to the screen.

I’m excited to be speaking at SREday London 2025 Q1! Join us on March 27-28 for two days of amazing talks and networking!

Register here: https://sreday.com/2025-london-q1/ Don’t forget to use the code LDN10 for 10% off!

This session will explore how platform teams can productize external AI and SaaS providers, giving businesses greater flexibility, control, and security over their external services. We’ll cover best practices for managing APIs and improving resilience.

See you there!

API Connect has the facility to use third party oAuth providers. This means that you can use nearly any oAuth security provider to secure APIs providing it can be reached by the API Gateway.

This is great for Authentication however for Authorization this leads to a number of options that need to be considered.

Definitions • Authentication - is validating the user is who they say they are • Authorization – is validating they have permissions to do what they are requesting

The IBM Developer Portal is essential for socialising your APIs to external consumers. In order to do this it must be accessible outside of your Internal Network. It is not good practice to deploy the Developer Portal directly in your DMZ and grant users direct access. The De-Militarised Zone (DMZ) is designed to be a hostile, barren place for attackers; software deployed there should have minimal function, deployed on a hardened platform, and be designed for DMZ deployment. With this in mind, we suggest that that a reverse proxy should be deployed in your DMZ, which forwards requests to the Developer Portal, and the Developer Portal should in turn be deployed in a separate secure zone designed for servers (not directly on your internal lan!). One option for a reverse proxy implementation would be to use IBM DataPower, which has facilities to provide a reverse proxy within its WAF capabilities. This article will explain how to configure a WAF as a Reverse Proxy for the Developer Portal on a Physical, Linux-based or Virtual DataPower. This can also be done with DataPower in Kubernetes but the configuration needs to be placed in a ConfigMap and that will be not be covered by these instructions.

A request will come from the Web Browser into IBM DataPower, and this will then be forwarded to the Developer Portal pods, using the same URL all the way through.

This is not announcement, all these dates have been already announced by IBM but I am posting this to highlight. I have shared links to where the information is available. Please confirm all information with your IBM rep if you have any concerns. Please note any changes to the information may not be updated on this blog so look at the provided links for the up to date information.

1. API Connect 10.0.5, - End of support 30th June 2025 - https://www.ibm.com/support/pages/node/565445
2. IBM Cloud Pak for Integration v2022.2.1 ** - End of support **31st December 2024 - This includes the capablities installed inside of it even if those stand alone capabilities are still in support. - https://www.ibm.com/support/pages/node/6593109

I am often asked if there is a way we can limit the range of IPs that we accept calling an API Gateway. This can be done with a GlobalPolicy and a little GatewayScript.

Amit Kumar Singh from my team built some GatewayScript that will do this check.

This article will explain how to enable Open Telemetry on API Connect 10.0.8.0 with DataPower 10.6.0.1. In order to apply these settings today, a GW extension must be used. This article will explain the steps to build the gateway extension.

Thanks to Zach Groseclose and Ben Stern for assisting with this.

For an introduction to OpenTelemetry please refer to our previous article on OpenTelemetry for AppConnect https://chrisphillips-cminion.github.io/ace/2024/04/22/ACE-Otel.html