API Gateway 10.11
 
Configuring the API Gateway Internal listener
The API Gateway Internal listener processes the requests received from the API Gateway External port and sends responses to API Gateway. This procedure describes how to connect the Internal listener to API Gateway.
To configure the API Gateway Internal listener:
1. Expand the menu options icon in the title bar and select Administration.
2. Select Security > Ports.
The ports page lists all the ports configured with API Gateway, if any.
3. Click Add Ports.
4. Select the type of port as API Gateway internal and click Add.
5. Provide the following information:
Field: Description

Protocol: Specifies the protocol to use for this port (HTTP or HTTPS). If you select HTTPS, additional security and credential boxes appear for which you have to provide the required values.
Description (optional): A description of the port.
Alias: Specifies an alias for the port. An alias must be between 1 and 255 characters in length and include one or more of the following: letters (a-z, A-Z), numbers (0-9), underscore (_), period (.), and hyphen (-).
Max connections: Specifies the number of connections maintained between the API Gateway Internal port and API Gateway. The default value is 5.

Private threadpool configuration. Specifies whether to create a private thread pool for this port or use the common thread pool.
  Enable: Select to enable the private threadpool configuration for this port.
  Threadpool min: Specifies the minimum number of threads for this private thread pool. The default value is 1.
  Threadpool max: Specifies the maximum number of threads for this private thread pool. The default value is 5.
  Thread priority: Specifies the Java thread priority. The default value is 5.

API Gateway external server. Provide the following details to configure API Gateway external server.
  Host: Specifies the host name or IP address of the machine on which the server is running.
  Port: Specifies the port number of the registration port on the server.

Registration credentials (optional)
  User name: Specifies the name of the user on API Gateway that the internal server should connect as.
  Password: Specifies the password of the user on API Gateway that the internal server should connect as.

External client security
  Client authentication: Specifies the type of client authentication the internal server performs against external clients. External clients pass their authentication information to API Gateway, which in turn passes it to the internal server. Select one of the following:
    * Username/Password. API Gateway does not request client certificates. Instead it looks for user and password information in the request header.
    * Digest. The Internal Server looks for password digest information in the request header.
    * Request Client Certificate. API Gateway requests client certificates for requests from external clients. If the client does not provide a certificate, the server prompts the client for a userid and password. The server checks whether the certificate exactly matches a client certificate on file and is signed by a trusted authority. If so, the client is logged in as the user to which the certificate is mapped in API Gateway. If not, the client request fails, unless central user management is configured.
    * Require Client Certificate. API Gateway requires client certificates for requests from external clients. If the external client does not supply a certificate, the request fails.
6. Click Add.
The port is created and is listed in the ports table.
Important:
By default, the access mode of the port is set to Allow. This means that the port allows connections to all ESB services and folders, which in turn increases the risk of exposing all enterprise assets hosted in the internal Integration Server. The risk is higher when the Integration Server (IS) assets are secured by Anonymous Access Control Lists (ACLs) or when the installation is exposed to the public internet. To avoid this potential security risk, you can set the access mode of the port to Deny by default before enabling it. When you change the access mode, you add the required services and folders to the Allow list. For more information, see Configuring Access Mode for a Port.
7. Click the icon in the Enabled column next to the port to enable the port.
The port is enabled and a success message appears.
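The field rules in step 5 and the Important note before step 7 can be expressed as a review check to run on a port definition before it is enabled. The following Python is an added example, not part of the product or its documentation: the dictionary keys, the internet_exposed flag and the sample service name are hypothetical, and the alias rule is read as permitting only the listed characters.

```python
import re

# Alias rule from the field table, read as "only these characters, 1-255 long".
ALIAS_RE = re.compile(r"[A-Za-z0-9_.-]{1,255}")

def review_port(port, internet_exposed=False):
    """Return (severity, message) findings for one internal-listener port.

    `port` is a plain dict with hypothetical key names for the form fields;
    it is not an API Gateway export or REST payload.
    """
    findings = []
    if not ALIAS_RE.fullmatch(port.get("alias", "")):
        findings.append(("error", "alias breaks the 1-255 character rule"))
    pool = port.get("private_threadpool")
    if pool:
        # Sanity checks, not documented limits, except the Java priority range.
        if pool["min"] > pool["max"]:
            findings.append(("error", "threadpool min exceeds threadpool max"))
        if not 1 <= pool["priority"] <= 10:  # java.lang.Thread MIN/MAX_PRIORITY
            findings.append(("error", "thread priority outside 1-10"))
    # Important note: Allow by default exposes all services and folders, and
    # the risk is higher when the installation faces the public internet.
    if port.get("access_mode", "allow") == "allow":
        severity = "high" if internet_exposed else "warn"
        findings.append((severity, "access mode is Allow by default"))
    elif not port.get("allow_list"):
        findings.append(("warn", "Deny by default but the Allow list is empty"))
    return findings

def safe_to_enable(port, internet_exposed=False):
    """True only when the review produced no error or high findings."""
    return not any(sev in ("error", "high")
                   for sev, _ in review_port(port, internet_exposed))

# Constructed sample definitions (not taken from a real installation).
AS_CREATED = {"alias": "gw-internal.1", "access_mode": "allow",
              "private_threadpool": {"min": 1, "max": 5, "priority": 5}}
HARDENED = {"alias": "gw-internal.1", "access_mode": "deny",
            "allow_list": ["orders.public:getStatus"],  # constructed name
            "private_threadpool": {"min": 1, "max": 5, "priority": 5}}

if __name__ == "__main__":
    for name, port in (("as created", AS_CREATED), ("hardened", HARDENED)):
        print(name, review_port(port, internet_exposed=True))
```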