In the blog post Calling SOAP web services from IBM App Connect flows (Part 1), we introduced a new capability, which enables you to import SOAP web services into the IBM App Connect catalog and then call these services from your flows.
In this blog post, we are going to describe how you can make calls to web service endpoints on a private network (for example, your company network or a private cloud) by using the IBM Secure Gateway Client. We’ll also show you how to set HTTP transport headers when calling an endpoint.
To access endpoints in a private network, a Secure Gateway Client must be running on a server, which can act as a tunnel to connect to the endpoint. From App Connect, you can download and install the Secure Gateway Client, which will allow you to expose targeted endpoints on your private network. To complete this task, you might need help from an administrator who has authority to configure security for the private network.
For simplicity, this blog post assumes that a SOAP web service has already been imported into App Connect, as described in our previous blog post.
Creating a network
There are a number of ways to create a network in App Connect. In this example, we’ll create one as part of connecting to an imported web service.
In the App Connect UI, go to the Catalog > APIs page, and locate the relevant web service (in this case AddressLookup). Then, either click Connect if you haven’t yet set up an account, or select Add a new account from the Account list if you want to add another account.
You’ll see a set of fields for connecting to the web service endpoint, and can use the Network name field to select an existing preconfigured network or to create a new network by selecting Connect a new network.
If you opt to create a network, you are directed to a “Connect your network” page from where you can download the installer for a Secure Gateway Client that will allow access to your endpoint. Enter a name for the network and then click Submit to request a Gateway ID
and a Security token
from the IBM Secure Gateway (on IBM Cloud). Then, use these values to configure the Secure Gateway Client during its installation on your local system. For more information, see the Configuring a private network tutorial.
Creating an account
To use a Secure Gateway to connect to your imported web service in a private network, you must set the following values when creating the account in App Connect:
- Override the host name and port of the SOAP address: In this field, specify the protocol, host, and port of the endpoint being connected to (but no path details). For example:
http://myhost.ibm.com:3002
.
- Network name: From this drop-down list, select the network that you created in the preceding Creating a network section.
When you click Connect, the host and port are registered with the IBM Cloud Secure Gateway instance. Note that this host and port must also be configured in the ACL list for the Secure Gateway Client that’s running on your local system.
Using the web service in your flow
You can use the connected web service in an event-driven or API flow in much the same way as any application in the App Connect catalog.
Here, we are going to use one of the actions in our AddressLookup web service to make a SOAP request, and we are also going to specify additional HTTP headers. We’ll use an API flow to implement a retrieve operation that invokes a target action named postcode.
- From the flow editor, click the APIs tab to display a list of APIs and web services that you are currently connected to, and then click the AddressLookup web service to view the available actions. These actions denote the operations from the web service WSDL definition. Select the action that you want to invoke (in this case postcode).
- Make sure that the correct account for connecting to the Secure Gateway is selected. Then use the text fields to specify input values for the request.
- To add a new HTTP request header, click Add property under the HTTP request header section to switch to the property editor. Define the header names (with a data type of
String
), and when done, click Edit mappings to set their values.
- Populate the header values either manually or from the output of earlier nodes in the flow.
- Complete the Response node. As with any other application in the App Connect catalog, response properties from the web service can be used by subsequent nodes in the flow.
- Start the flow. When the flow runs, the web service is invoked via the Secure Gateway and the specified HTTP headers are included in the request.
Conclusion
We’ve demonstrated how to enable an imported web service to call out to an endpoint running on a private network, provided there is a Secure Gateway configured to expose it. This function allows you to exploit endpoints running on a local machine, on your company network, or a private cloud. In addition, you can also set any custom HTTP header in the request to the web service backend.