Configuring API Callback Processor Settings
API Gateway provides asynchronous form of API support for REST APIs with its capability of defining the callback component with the supported method parameters while creating a REST API.
You must have the Manage general administration configurations functional privileges to configure callback processor settings.
Configure the API callback processor setting All API callback requests so that API Gateway accepts all the requests from the client that contain the callback request URL and wraps the requests with its own URL before routing them to the native API. This lets API Gateway track the requests that the client sends to the native API and the callback messages that are sent by the native API to the client. In addition, you can use the settings Allow HTTPS access only and Process only allowed IPs requests to avoid any external threats in case an unauthorized user tries to access the protected resource. You can configure API Gateway to enforce any of the response processing policies that suits your needs on the immediate responses as well as the callback requests being sent from the native API to the client.
The callback requests-related event types can be distinguished by a new field with the value set to true and displayed in the dashboard in the transaction event type. For a normal request this field is set as false. The following are the field names that are displayed for various configured destinations:
For
API Gateway destination the field name is
callbackRequest, which is set to true.
For Elasticsearch destination the field name is
isCallbackRequest, which is set to true.
For all other destinations,
API Portal, Audit Log,
CentraSite, Email, JDBC, and Local log, the field name is
isCallbackRequest, which is wrapped under the
customFields column.
To configure API callback processor settings
1. Expand the menu options icon , in the title bar, and select Administration. 2. Select General > Callback processor.
3. Select Process all API callback requests.
This enables API Gateway to accept all the API callback requests coming from the client and wraps these requests with its own URL before it routes these requests to the native API. This option is selected by default.
When this setting is disabled, the request from the client reaches the native API, as is, without the API Gateway wrapping it with its own URL. So, when the native API sends out the callback request to the client it directly reaches the client and API Gateway is unable to track such events.
4. Select Allow HTTPS access only.
This allows API Gateway to receive only HTTPS callback requests from the native API and processes the requests before routing them to the client. If a HTTP callback request comes in, API Gateway sends out an Access denied message to the client. This option is selected by default.
If this option is not selected then API Gateway accepts the HTTP callback requests and processes the requests before routing them to the client.
5. Select Process only allowed IPs requests. This allows API Gateway to receive the callback requests only from the IP addresses specified in the Trusted IP addresses list.
API Gateway allows callback requests only from the allowed IPs configured in Trusted IP address list. You can configure your native APIs machine IPs or the native API outbound proxy server IPs here, so API Gateway allows a request coming from the native API and would then be routed to the client.
If there are no trusted IPs configured and this option is selected, then API Gateway does not allow any requests.
6. Type the IP address in the Trusted IP address and Add.You can add multiple IP addresses.
API Gateway allows only requests coming from these IP addresses when the option Process only allowed IPs requests is selected.
7. Click Save.