Technical Articles
SAP APIM – Route Service to Manage Cloud Foundry Apps
SAP API Management on Cloud Foundry allows you to Design, Secure, Publish, Monitor, and Monetize APIs of your Enterprise. Additionally, there are also below APIM Services on Cloud Foundry to provides different capabilities via plans.
- API Management, API portal – apim-as-route-service
- API Management, API portal – on-premise-connectivity
- API Management, API portal – apiportal-apiaccess
- API Management, Dev Portal – devportal-apiaccess
Read the Blog Service Plan of SAP API Management in Cloud Foundry Environment for more information on the Service Plans.
In this blog let us see about API Portal Route Service Plan to manage the application deployed on Cloud Foundry. Route services are to help Micro Service Developers remove the burden of implementing the common function such as rate-limiting, authorization, caching, etc on the Micro Service. Instead, a Marketplace service like SAP APIM can be used for it.
In my previous blog SAP CPI – HTTP Tracing using Own Echo Service I deployed an Application on cloud foundry. In this blog let us take that Application as an example and see how to bind that to SAP API Management on CF. When this is done the CF router will make sure the API traffic is always routed to API Proxy irrespective of Micro Service URL or Proxy URL used. This allows us to apply the required APIM OOTB Policies to the API request and response.
Prerequisites
- You have Subscribed to API Management services in Cloud Foundry. If not done, follow this blog Enable SAP Cloud Platform API Management in Cloud Foundry Environment.
- A space in Cloud Foundry and space developer role assigned to you.
- An Application aka Micro Service deployed in CF Space. Follow this blog SAP CPI – HTTP Tracing using Own Echo Service to deploy one if required.
1. Adding API Portal Route Service Plan Entitlement
- From SCP Cockpit, open the Subaccount and Navigate to Entitlements –> Configure Entitlements –> Add Service Plans.
- Choose API Management, API portal Entitlement, and apim-as-route-service from the Available plan.
2. Creating Route Service Instance
- Navigate to Spaces in Cloud Foundry Subaccount and choose
- Now choose API Management, API portal –> Create Instance
- Select Service Plan as apim-as-route-service
- Name the Service Instance and Click Create Instance
3. Binding CF App to API Management through Route Service
- Open Command Prompt and Login to your CF instance
cf login -a https://api.cf.eu20.hana.ondemand.com
- Construct the bind-route-service Command in the below format.
cf bind-route-service <CF_Domain> <APIM Route Service Instance> --hostname <CF APP Host Name> -c <optional Paramater for API Proxy Name>
Parameter Value CF_Domain Domain Name of Cloud Foundry Instance, for instance, my app is running in echoservice.cfapps.eu20.hana.ondemand.com so the domain is “cfapps.eu20.hana.ondemand.com“ APIM Route Service Instance Name of the apim-as-route-service created in the previous step CF APP Host Name Host Name of CF APP, for instance, my App is running in echoservice.cfapps.eu20.hana.ondemand.com so the Host is “echoservice“ Optional Parameter To Name Auto Created API proxy with a name of your choice.
Format: {\”api_name\” : \”<API Proxy Name>\”} - Execute the bind-route-service Command
cf bind-route-service cfapps.eu20.hana.ondemand.com CFAPIM-RouteS --hostname echoservice -c "{\"api_name\" : \"EchoService\"}"
- Verify if an API Proxy with the Name “EchoService” was created in CF API Portal.
4. Attaching Policy of your choice to the Generated API Proxy
For the demonstration, I will protect this API with an API Key Policy.
- Open the API Proxy in CF API Portal and select on Policy to open Policy Editor.
- Attach Verify API Key Policy to Proxy Endpoint – PreFlow
<VerifyAPIKey async='true' continueOnError='false' enabled='true' xmlns='http://www.sap.com/apimgmt'> <APIKey ref='request.header.APIKey'/> </VerifyAPIKey>
- Update and Save API Proxy
5. Conclusion
Now the CF Apps API traffic is routed through API Management always. With the Verify API Key Policy, we have enabled API Key based security to the CF Application. Similarly, we can attach Rate Limiting, Spike Arrest, Caching, etc to API Proxy and protect the CF APP. This Route Service thus enable us to handle such API Security / Traffic Management requirement in API Management service, instead of coding them in every single Micro Service.
In subsequent blogs, we will see how to connect to CF Apps secured with XSUAA through SAP APIM Management.
Santosh
I am using the trial cloud foundry account and wanted to try out the final step of Creating Product/Application and subscription.
I could create Product - But in the Developer portal on the trial version when I create an application there are errors - This was working fine in the NEO environment.
Best regards
Ramesh
Hi Santhosh Kumar Vellingiri,
Thanks for a great blog.
May I know if you have any blog for connecting to CF Apps secured with XSUAA through SAP APIM Management?
Regards,
Tri