Happy Goat for Life! Chris Phillips' Blog - API, Integration and Governance SME and Enthusiast
API CONNECT

Client Credentials Rotation in IBM APIC
Guest Post by Amit Kumar Singh

Client credentials in IBM API Connect (APIC) are used to authenticate and authorize applications that need to access protected APIs. There are two main types of client credentials:

  • Client ID: A unique identifier for the client application or service.
  • Client Secret: A secret key known only to the client and the API Connect gateway.

They are used to ensure that only authorized clients can access protected APIs and resources.

Client credentials created within IBM APIC do not have an expiry time, but recently we have been seeing many customers who, from a security perspective, want these client credentials to expire after a specified number of days, with a new one put in place.

There is no out-of-the-box feature for this in IBM APIC as of now, but it can be achieved using the platform REST APIs provided by APIC. You can automate client credentials rotation using the REST APIs available.

Note: When you have rotated the client ID and secret, you must ensure that the application calling the APIs also has its credentials updated.



MQ Get the last GET and PUT Datetime
Guest Post by Alamelu Nagarajan Chris Phillips

One of my customers was writing a script to detect when the last message was got from an MQ QUEUE.


API CONNECT

Replacing a member from Gateway Service
Guest Post by Chris Phillips Eric Fan

When running an API Connect Gateway outside of Kubernetes it is often required to replace a DataPower VM or physical appliance. The steps listed here are the suggested process for completing this.



So here we go again - Showtime 10 Blue Butterflies

This weekend is my second dance show weekend where I am performing. My elder daughters have done the last six or seven Showtime events with Blue Butterflies. For whatever reason I volunteered to join last year and I performed in March. https://chrisphillips-cminion.github.io/apiconnect/2025/03/15/StageTime.html


Well here we go again!

Three shows to go!


API CONNECT

Parsing multipart/related without gateway script

It is possible to parse an API request that has a multipart/related content type without using gateway script.

The key thing here is having two parses.



API CONNECT

Fixing a GatewayService with an invalid image

When applying an image override for the GatewayService, human errors can sneak in. If a mistake in the image path makes it invalid, the StatefulSet under the GatewayService will have two Running pods and a third in an ErrImagePull state. This is only an issue when the GatewayService has spec.updateStrategy.mode set to automatic, which is the default for API Gateways.

small-ocp-gw-0                                                   1/1     Running        0             23m
small-ocp-gw-1                                                   1/1     Running        0             20m
small-ocp-gw-2                                                   0/1     ErrImagePull   0             7s


API CONNECT

Enabling the DotDot feature

DataPower has a number of features that can be enabled in API Connect with Gateway extensions. One of these is the DotDot feature, which allows requests that contain .. in the URL. For other features that can be enabled, take a look here - https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=commands-allowed-features


API CONNECT

Special Builds, how to use the internal OCP Image Registry
Guest Post by Chris Phillips JP Schiller

Occasionally you may need to be given a special build from IBM containing fixes for a KnownIssue before they are shipped in a fixpack, or a build which can be used to gather additional diagnostics. This is something I try to avoid, but if support require additional diagnostic information it is often required.


API CONNECT

API Connect - Long Term Analytics - Now with REST Interface

API Connect has added facilities to allow you to analyse longer term data. The reporting facility that shipped in 10.0.8 shows reports from the previous 12 months. This is very useful as it can quickly show

  • How many calls a consumer organization has made
  • How many APIs have no subscribers
  • How the call rate and latency have changed for an API over the past several months

as well as many other scenarios.

Recently in 10.0.10.0 we have released a REST interface to access this data. There is a great article here https://community.ibm.com/community/user/blogs/anagha-biju/2025/06/27/access-long-term-analytics-with-summary-apis-in-v1 where you can learn more about this interface.

