Skip to Content
Technical Articles
Author's profile photo Santhosh Kumar Vellingiri

SAP APIM – Route Service to Manage Cloud Foundry Apps

SAP API Management on Cloud Foundry allows you to Design, Secure, Publish, Monitor, and Monetize APIs of your Enterprise. Additionally, there are also below APIM Services on Cloud Foundry to provides different capabilities via plans.

  • API Management, API portal – apim-as-route-service
  • API Management, API portal – on-premise-connectivity
  • API Management, API portal – apiportal-apiaccess
  • API Management, Dev Portal – devportal-apiaccess

Read the Blog Service Plan of SAP API Management in Cloud Foundry Environment for more information on the Service Plans.

In this blog let us see about API Portal Route Service Plan to manage the application deployed on Cloud Foundry. Route services are to help Micro Service Developers remove the burden of implementing the common function such as rate-limiting, authorization, caching, etc on the Micro Service. Instead, a Marketplace service like SAP APIM can be used for it.

In my previous blog SAP CPI – HTTP Tracing using Own Echo Service I deployed an Application on cloud foundry. In this blog let us take that Application as an example and see how to bind that to SAP API Management on CF. When this is done the CF router will make sure the API traffic is always routed to API Proxy irrespective of Micro Service URL or Proxy URL used. This allows us to apply the required APIM OOTB Policies to the API request and response.

Below is the before and after architecture representation.

Prerequisites

1. Adding API Portal Route Service Plan Entitlement

  1. From SCP Cockpit, open the Subaccount and Navigate to Entitlements –> Configure Entitlements –> Add Service Plans.
  2. Choose API Management, API portal Entitlement, and apim-as-route-service from the Available plan.

2. Creating Route Service Instance

  1. Navigate to Spaces in Cloud Foundry Subaccount and choose Services –> Service Marketplace
  2. Now choose API Management, API portal –> Create Instance
  3. Select Service Plan as apim-as-route-service
  4. Name the Service Instance and Click Create Instance

3. Binding CF App to API Management through Route Service

  1. Open Command Prompt and Login to your CF instance
    cf login -a https://api.cf.eu20.hana.ondemand.com​​

     

  2. Construct the bind-route-service Command in the below format.
    cf bind-route-service <CF_Domain> <APIM Route Service Instance> --hostname <CF APP Host Name> -c <optional Paramater for API Proxy Name>​
    Parameter Value
    CF_Domain Domain Name of Cloud Foundry Instance, for instance, my app is running in echoservice.cfapps.eu20.hana.ondemand.com so the domain is “cfapps.eu20.hana.ondemand.com
    APIM Route Service Instance Name of the apim-as-route-service created in the previous step
    CF APP Host Name Host Name of CF APP, for instance, my App is running in echoservice.cfapps.eu20.hana.ondemand.com so the Host is “echoservice
    Optional Parameter To Name Auto Created API proxy with a name of your choice.
    Format: {\”api_name\” : \”<API Proxy Name>\”}
  3. Execute the bind-route-service Command
    cf bind-route-service cfapps.eu20.hana.ondemand.com CFAPIM-RouteS --hostname echoservice -c "{\"api_name\" : \"EchoService\"}"​

  4. Verify if an API Proxy with the Name “EchoService” was created in CF API Portal.

4. Attaching Policy of your choice to the Generated API Proxy

For the demonstration, I will protect this API with an API Key Policy.

  1. Open the API Proxy in CF API Portal and select on Policy to open Policy Editor.
  2. Attach Verify API Key Policy to Proxy Endpoint – PreFlow
    <VerifyAPIKey async='true' continueOnError='false' enabled='true' 
    xmlns='http://www.sap.com/apimgmt'>
    	<APIKey ref='request.header.APIKey'/>
    </VerifyAPIKey>​

  3. Update and Save API Proxy

5. Conclusion

Now the CF Apps API traffic is routed through API Management always. With the Verify API Key Policy, we have enabled API Key based security to the CF Application. Similarly, we can attach Rate Limiting, Spike Arrest, Caching, etc to API Proxy and protect the CF APP. This Route Service thus enable us to handle such API Security / Traffic Management requirement in API Management service, instead of coding them in every single Micro Service.

In subsequent blogs, we will see how to connect to CF Apps secured with XSUAA through SAP APIM Management.

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ramesh Vodela
      Ramesh Vodela

      Santosh

      I am using the trial cloud foundry account and wanted to try out the final step of Creating Product/Application and subscription.

      I could create Product - But in the Developer portal on the trial version when I create an application there are errors - This was working fine in the NEO environment.

      Best regards

      Ramesh

      Author's profile photo Minh Tri Le
      Minh Tri Le

      Hi Santhosh Kumar Vellingiri,

      Thanks for a great blog.

      May I know if you have any blog for connecting to CF Apps secured with XSUAA through SAP APIM Management?

      Regards,

      Tri