webMethods

webMethods

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to Library

JWT protected API testing in API Portal published from API Gateway 

Fri September 28, 2018 04:52 AM

webMethods API Portal tutorial

Introduction:

An Administrator must perform the instructions mentioned in this document for enabling the JWT settings in API Gateway and publish JWT protected API to API Portal. Upon performing these instructions, the API consumer can request for JWT tokens and test the APIs using API Tryout page. 

Steps:

The following steps should be followed to complete the setup,

  1. Check JWT settings in API Gateway
  2. Configure KeyStore & TrustStore in API Gateway
  3. Create JWT provider in API Gateway
  4. Create HTTPS port in API Gateway
  5. Configure API Portal & API Gateway information in Destiniations tab of Administration page in API Gateway
  6. Publish JWT protected API to API Portal
  7. Tryout JWT protected API from API Portal

Check JWT settings in API Gateway

  1. Login to API Gateway, http://localhost:9072/apigatewayui as Administrator & go to Administration page.
  2. Under "General" tab, click "Extended settings" section.
  3. In the list of settings shown, look for "pg_JWT_isHTTPS" and make sure it is set to "true".         
    1985×815 73.7 KB

Configure KeyStore & TrustStore in API Gateway

  1. Login to API Gateway, http://localhost:9072/apigatewayui as Administrator & go to Administration page.
  2. Click on "Security" tab.
  3. Under "Keystore/Truststore" section, you can add a new KeyStore or TrustStore by clicking "Add..." button or use the default IS keystore & truststore which is already configured.
  4. Under "Configure keystore and truststore settings, select the respective Keystore & Trsustore aliases in the dropdown.          
    1482×900 58.5 KB

Create JWT provider in API Gateway

  1. Go to Administration page, click on "Security" tab and click on "JWT" section.
  2. Under JWT configuration section, Provide "Token issuer" name, "Algorithm", "Expiry duration", "Keystore alias informations and click "Save" button.         
    1985×667 49.7 KB

Create HTTPS port in API Gateway

  1. Login to API Gateway, http://localhost:9072/apigatewayui as Administrator & go to Administration page.
  2. Click "Security" tab and click on Ports section.
    1657×679 43 KB
  3. Click on "Add ports" button, select type as "HTTPS" and click "Add" button.
    1468×633 33.9 KB
  4. Provide value for "Port", "Alias", select Keystore alias and Truststore alias under "Listener specific credentials" section and click "Add" button.
    1983×893 56.4 KB
  5. Once the newly created port is listed in "Ports" page, click on "x" mark to enable the port.
    1977×580 40.2 KB
  6. In the confirmation popup, click on "Yes" to enable the port.
    1226×383 20.6 KB

1046×303 16.1 KB
  

Configure API Portal & API Gateway information in Destinations tab of Administration page

  1. Go to Administration page and click on "Destinations" tab.
  2. Click on API Portal Configuration section.
  3. Provide required API Portal & API Gateway instance information (make sure HTTPS url of Gateway is provided) and click "Publish" button.         
    1985×967 65 KB

Publish JWT protected API to API Portal

  1. Login to API Gateway and import a SOAP or REST API.
  2. In API details page click "Edit" button, click "Policies" tab. Expand "Identify & Access" section, add "Identify & Authorize Application" policy and click "JWT" under "Identification Type" of this policy.
    1985×1115 88.7 KB
  3. Save the API changes, activate the API and publish it to API Portal.

Tryout JWT protected API from API Portal

  1. Login to API Portal and go to API details page of the JWT protected API.
  2. In API details page, click on "Get access token" link.
    1985×816 60.3 KB
  3. In "Request API access token" popup, provide Application name and click "Request token" button.
    1985×829 68.3 KB
  4. In API details page, click on "Try API" button and go to API tryout page. In try page, the requested access token will be listed under "Applications" dropdown. Click on the "Get JSON Web Token" button to get JWT token.
    1985×868 52.7 KB
  5. In the JWT popup, provide API Gateway administrator credentials and click "OK" button. The generated JWT token will be listed under Available tokens section.
    1985×1004 88.6 KB
  6. On clicking the "Test' button, invocation happens using JWT token selected under "Available tokens" section and response will be shown.
    1985×1082 76.3 KB

#webMethods
#wiki
#API-Portal
#API-Management

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads