This article provides information about enrolling a CA API Gateway after the tenant record is created.
After a tenant record is created, you must enroll an API Gateway to handle API run-time traffic for example, managing and creating services. The API Gateway is a component that exposes, secures, and manages back-end applications, network systems, or infrastructure through services and APIs.
This article contains the following information:
Before You Begin
Before enrolling an API Gateway, ensure that the following requirements are met:
The tenant record must be created. See Create the API Portal Tenant.
The following tools are correctly installed, configured, secured, and tested:
- CA API Gateway 9.2.00 CR05 to CR07 or 9.3
- OAuth Toolkit (OTK) version 3.6, 4.x
- The OTK installation has the following properties:
- No instance modifier.
- The Shared Portal and Internal, Portal solution kits are installed. These solution kits, available when installing the OAuth Solution Kit, are required for integrating with the API Portal.
- The default JDBC connection named OAuth is used.
- Ensure that no global policies are configured on the API Gateway.
- Have the API Portal hostname (for example, apim.mycompany.com) mapped in your DNS server or in the hosts file of your Gateway
- The time on the API Gateway is synchronized with the API Portal. Typically, both entities point to the same NTP server.
Before enrolling the API Gateway, take a snapshot of the API Portal as a backup.
Enroll a Gateway
To enroll a Gateway on API Portal, perform the following steps:
- In a browser, navigate to the new tenant URL that you defined in enroll.json.
Log in to the API Portal as the API Portal administrator using the following default credentials:
Change the default password upon login.
- Password: 7layer
- Select the Services icon.
- Select Publish, Proxies.
The API Proxy page displays.
- Select Add Proxy.
- Enter a name in the Proxy Name field.
- Select Automatic, On Demand, or Scripted deployment type. For more information, see Deployment Types.
- Select Create.
The Proxy Enrollment page displays.
- In Enrollment URL, select Select URL and copy the value.
- Using the CA API Gateway Policy Manager, connect to your CA API Gateway.
- After you are logged in, select Tasks, Extensions and Add-Ons, Enroll with Portal.
- Paste the enrollment URL in the Enroll with SaaS Portal window and select Apply.
- Log in to your new tenant Portal, for example, mytenant.mycompany.com and validate that the external tenant displays.
- Restart the API Gateway by running
service ssg restart on the API Gateway server.
When enrolling a proxy, select one of the following deployment types:
- Automatic – Gateway published APIs must use the automatic deployment type.
See Manage API Deployments for more information about selecting a deployment type.
After the administrator deploys the API Portal, the following functionalities are available for the users:
- Publish an API, and view the details of the API from API Catalog page
- Create and manage users
- Self-register to Portal and view the APIs
- Create Organizations and Account Plans
- Approve or reject requests from the Requests page
- Perform configurations from the Settings page
- Only view APIs in the API explorer.
Because you are not enrolled with API Proxy, you cannot test the APIs from the API Explorer option.
Integrate with API proxy clusters to perform the following tasks:
- Publish APIs
- Manage API keys
- View the analytics data in the Analytics dashboard
- Test the APIs on Proxy using the API Explorer
Failed Gateway Deployment?
If you tried to enroll an API Gateway with an API Portal but the enrollment failed, clean up the API Gateway and Portal before you try again.
Use the following procedures whether you set up the API Gateway on AWS or on another cloud or network.
To clean up the API Gateway:
- In the Policy Manager, log in to the Gateway as a Gateway administrator.
- On the Tasks menu, select Certificates, Keys and Secrets and Manage Certificates. Use the dialog to remove the TSSG, PSSG and DSSG certificates. Note: Do not delete the API Gateway self-signed SSL certificate.
- On the Tasks menu, select Certificates, Keys and Secrets and Manage Private Keys. Use the dialog to remove the portalman private key.
- On the Tasks menu, select Global Settings and Manage Scheduled Tasks. Use the dialog to remove the following tasks:
- Portal Sync Application
- Portal Sync API
- Portal Tenant Sync Policy Template
- Portal Sync Account Plan
- Portal Bulk Sync Application
- Portal Check Bundle Version
- Delete Portal Entities
- Move Metrics Data Off Box Task
- Portal Sync SSO Configuration
- On the Tasks menu, select Global Settings and Manage Cluster-wide Properties. Use the dialog to remove all properties that begin with portal.
Restart Gateway service.
To remove the Portal:
- Log in to the API Portal as an API Portal administrator.
- On the navigation bar, select the Services icon and select Proxies.
- On the API Proxy page, select Add Proxy to add new API proxy, enter a different name, and select Create.
- Copy the enrollment URL.
- Connect to the API Gateway with the Policy Manager.
- In the Policy Manager, select Tasks on the top menu bar.
- On the menu, select Extensions and Add-Ons, Enroll with Portal.
- Paste the enrollment URL in the Enroll with SaaS Portal window.
- On the API Proxy page, delete the old API proxy which is enrolled with the same API gateway.
Update Portal Integration
To enroll Portal or to update the enrollment bundle:
- Log in as admin.
- After you are logged in, select Tasks on the top menu bar.
- On the menu, select Extensions and Add-Ons
- Select Enroll with Portal or Update Portal Integration.