Configuring API Callback Processor Settings
You can configure the API callback processor setting All API callback requests so that API Gateway accepts all the requests from the client that contain the callback request URL and wrap the requests with its own URL before routing them to the native API. This lets API Gateway track the requests that the client sends to the native API and the callback messages that are sent by the native API to the client. In addition, you can use the settings Allow HTTPS access only and Process only allowed IPs requests to avoid any external threats in case an unauthorized user tries to access the protected resource.
You must have manage general administration configurations functional privileges to configure callback processor settings.
To configure API callback processor settings
1. Expand the menu options icon , in the title bar, and select Administration. 2. Select General > Callback processor settings.
3. Select All API callback requests.
This enables API Gateway to accept all the API callback requests coming from the client and wraps these requests with its own URL before it routes these requests to the native API. This option is selected by default.
When this setting is disabled, the request from the client reaches the native API, as is, without the API Gateway wrapping it with it own URL. So, when the native API sends out the callback request to the client it directly reaches the client and API Gateway is unable to track such events.
4. Select Allow HTTPS access only.
This allows API Gateway to receive only HTTPS callback requests from the native API and processes the requests before routing them to the client. If a HTTP callback request comes in, API Gateway sends out an Access denied message to the client. This option is selected by default.
If this option is not selected then API Gateway accepts the HTTP callback requests and processes the requests before routing them to the client.
5. Select Process only allowed IPs requests. This allows API Gateway to receive the callback requests only from the IP addresses specified in the Trusted IP addresses list.
API Gateway allows callback requests only from the allowed IPs configured in Trusted IP address list. You can configure your native APIs machine IPs or the native API outbound proxy server IPs here, so API Gateway allows a request coming from the native API and would then be routed to the client.
If there are no trusted IPs configured and this option is selected, then API Gateway does not allow any requests.
6. Type the IP address in the Trusted IP address and Add.You can add multiple IP addresses.
API Gateway allows only requests coming from these IP addresses when the option Process only allowed IPs requests is selected.
7. Click Save.