Introduction
The HTTP connector in IBM App Connect can make calls to endpoints on a private network (for example, your company network or a private cloud) by using the IBM Secure Gateway Client.
To access non publicly available endpoints, a Secure Gateway Client must be running on a server which can act as a tunnel to connect to the endpoint.
From App Connect, you can download and install the Secure Gateway Client, which will allow you to expose targeted endpoints on your private network. To complete the task, you might need help from an administrator who has authority to configure security for the private network.
Creating a network
There are a number of ways to create a network in App Connect. In this example, we will create one as part of connecting to an HTTP connector.
In the App Connect UI, go to the Catalog > Applications page, and then locate the HTTP connector. From the Account list, select Add a new account.
You’ll see a set of fields for connecting to an HTTP endpoint, and can use the Network name field to either select an existing preconfigured network or to create a new one by using Create a new network.
When you opt to create a new network, you will be directed to a page to connect to your network. This will give you the chance to download the installer for a Secure Gateway Client, which will allow you to access your endpoint.
Enter a description of the network and then click Submit. This will be sent to the IBM Secure Gateway (on IBM Cloud), which will return a Gateway ID and a Security Token. These values are used to configure the Secure Gateway Client running on your local system. For details about how to configure the Secure Gateway Client, see the Configuring a private network tutorial.
Creating an account
To use a Secure Gateway with the HTTP connector, you must set the following values when creating a new HTTP connector account:
- Override the HTTP endpoint host name and port of the URL used in the flow
- Network name
In the Override the HTTP endpoint host name and port of the URL used in the flow field, specify the protocol, host, and port of the endpoint being connected to (but no path details at this point). For example: http://myhost.ibm.com:3002.
From the Network name drop down list, select the network that you created in the Creating a network section above.
On clicking Connect, the host and port details will be registered with the IBM Cloud Secure Gateway instance. You still need to make sure that the host and port are configured on your Secure Gateway Client’s ACL list running on your local system.
Using the Secure Gateway in a flow
Select the HTTP connector to be used in a flow.
Select the account that was configured to use the Secure Gateway.
Under URL (fully qualified), enter the full URL you want to invoke, including the path; for example: http://myhost.ibm.com:3002/echo?param1=a.
For more information about using the HTTP connector in a flow, see Introducing the App Connect HTTP connector.
When the flow is invoked, the HTTP call will be made through the Secure Gateway and forwarded on to the endpoint specified. You can see this interaction by viewing the Secure Gateway logs.
Conclusion
We have now enabled the HTTP connector to be able to call out to any private HTTP endpoint, provided there is a Secure Gateway configured to expose it. This will allow you to exploit endpoints running on a local machine, on your company network, or a private cloud.