This article explains how requests can be authenticated using certificates when API Gateway invokes the native endpoint.
It is assumed that readers of this article know how to set up an API and configure policies on API Gateway.
• Access to webMethods.io Integration and webMethods.io API Gateway
• Flow service exposed as an API on webMethods.io Integration.
• Generate the certificates on webMethods.io Integration.
• To create the flow service on webMethods.io Integration, refer to: FlowServices - webMethods.io Integration
• To generate/configure the certificates on webMethods.io Integration, refer to: Two-Way SSL - webMethods.io Integration
• To create the API on API Gateway, refer to: Create your first Rest API - webMethods.io API Gateway
• In our case, we have created a flow service on webMethods.io Integration.
• This flow service is exposed as an API on webMethods.io Integration.
• The flow service endpoints are exposed and secured by the certificates.
• To invoke this API, we need to pass the certificates for authentication.
• In our case, we are going to configure the native API endpoints on API Gateway.
• When the request is sent from API Gateway to the native endpoints, the certificates are sent along with the request.
• These certificates are configured on API Gateway.
• Mutual Authentication is also commonly referred to as Two-Way Authentication or Two-Way SSL.
• It refers to the combination of both Server and Client Authentication.
• In this mechanism, the server authenticates itself to the client, and the client authenticates itself to the server, in order to establish a secure encrypted channel between them.
Implementation done on webMethods.io Integration
• Created a flow service.
• Enabled the HTTP endpoints on the flow service.
• Generated the certificates from the platform in *.jks format.
Implementation done on webMethods.io API Gateway
• Created the alias for the keystore.
• Configured the API with policies.
• In our case, we have created the API named “SumAPI”.
• Configuration of the traffic monitoring policy for logging the request and response.
• Configuration of the routing policy with the custom keystore and alias.
Failure scenario: When custom keystore is not configured on the routing policy of API GW
Successful scenario: When custom keystore is configured on the routing policy of API GW
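
The two scenarios above can be reproduced locally with the following added example, which is not part of the original article or of webMethods.io: a Python TLS server stands in for the native endpoint and requires a client certificate, and a Python client stands in for API Gateway's outbound call. The certificate names (`demo-ca`, `gateway-client`), the function names, and the availability of the `openssl` command-line tool are assumptions of this example.

```python
import contextlib, pathlib, socket, ssl, subprocess, tempfile, threading

def issue(d, cn, ca=None):
    """Return (key, cert) paths made with the openssl CLI: a CA if ca is None, else a leaf."""
    run = lambda *a: subprocess.run(["openssl", *a], check=True, capture_output=True)
    key, crt, csr, ext = (f"{d}/{cn}.{e}" for e in ("key", "pem", "csr", "ext"))
    new = ["-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={cn}", "-keyout", key]
    if ca is None:
        run("req", "-x509", "-days", "1", *new, "-out", crt)
    else:
        pathlib.Path(ext).write_text(f"subjectAltName=DNS:{cn}\n")
        run("req", *new, "-out", csr)
        run("x509", "-req", "-in", csr, "-CA", ca[1], "-CAkey", ca[0], "-CAcreateserial",
            "-days", "1", "-extfile", ext, "-out", crt)
    return key, crt

def serve(lsock, ctx, n):
    """Stand-in for the native endpoint: greet verified peers, drop failed handshakes."""
    for _ in range(n):
        conn, _addr = lsock.accept()
        with contextlib.suppress(OSError), ctx.wrap_socket(conn, server_side=True) as tls:
            cn = dict(rdn[0] for rdn in tls.getpeercert()["subject"])["commonName"]
            tls.sendall(f"hello {cn}".encode())

def call(port, ca_cert, client=None):
    """Stand-in for the gateway's outbound call: the reply, or None if the server rejects us."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies the server chain and hostname
    ctx.load_verify_locations(ca_cert)
    if client:  # counterpart of selecting a keystore and key alias on the routing policy
        ctx.load_cert_chain(certfile=client[1], keyfile=client[0])
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as s, \
             ctx.wrap_socket(s, server_hostname="localhost") as tls:
            return tls.recv(1024).decode() or None
    except OSError:  # handshake alert or reset: the server did not accept the connection
        return None

def demo():
    with tempfile.TemporaryDirectory() as d, socket.create_server(("127.0.0.1", 0)) as lsock:
        ca = issue(d, "demo-ca")
        server, client = issue(d, "localhost", ca), issue(d, "gateway-client", ca)
        sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        sctx.load_cert_chain(certfile=server[1], keyfile=server[0])
        sctx.load_verify_locations(ca[1])
        sctx.verify_mode = ssl.CERT_REQUIRED  # two-way SSL: a client certificate is mandatory
        threading.Thread(target=serve, args=(lsock, sctx, 2), daemon=True).start()
        return tuple(call(lsock.getsockname()[1], ca[1], c) for c in (None, client))

if __name__ == "__main__":
    print(demo())
```

The first element of the result corresponds to the failure scenario (no client certificate presented), the second to the successful scenario, where the server reads the client's identity from the verified certificate.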