Technical Articles

October 10, 2020 3 minute read

SAP APIM – Route Service to Manage Cloud Foundry Apps

SAP API Management on Cloud Foundry allows you to Design, Secure, Publish, Monitor, and Monetize APIs of your Enterprise. Additionally, there are also below APIM Services on Cloud Foundry to provides different capabilities via plans.

API Management, API portal – apim-as-route-service
API Management, API portal – on-premise-connectivity
API Management, API portal – apiportal-apiaccess
API Management, Dev Portal – devportal-apiaccess

Read the Blog Service Plan of SAP API Management in Cloud Foundry Environment for more information on the Service Plans.

In this blog let us see about API Portal Route Service Plan to manage the application deployed on Cloud Foundry. Route services are to help Micro Service Developers remove the burden of implementing the common function such as rate-limiting, authorization, caching, etc on the Micro Service. Instead, a Marketplace service like SAP APIM can be used for it.

In my previous blog SAP CPI – HTTP Tracing using Own Echo Service I deployed an Application on cloud foundry. In this blog let us take that Application as an example and see how to bind that to SAP API Management on CF. When this is done the CF router will make sure the API traffic is always routed to API Proxy irrespective of Micro Service URL or Proxy URL used. This allows us to apply the required APIM OOTB Policies to the API request and response.

Below is the before and after architecture representation.

Prerequisites

You have Subscribed to API Management services in Cloud Foundry. If not done, follow this blog Enable SAP Cloud Platform API Management in Cloud Foundry Environment.
A space in Cloud Foundry and space developer role assigned to you.
An Application aka Micro Service deployed in CF Space. Follow this blog SAP CPI – HTTP Tracing using Own Echo Service to deploy one if required.

1. Adding API Portal Route Service Plan Entitlement

From SCP Cockpit, open the Subaccount and Navigate to Entitlements –> Configure Entitlements –> Add Service Plans.
Choose API Management, API portal Entitlement, and apim-as-route-service from the Available plan.

2. Creating Route Service Instance

Navigate to Spaces in Cloud Foundry Subaccount and choose Services –> Service Marketplace
Now choose API Management, API portal –> Create Instance
Select Service Plan as apim-as-route-service
Name the Service Instance and Click Create Instance

3. Binding CF App to API Management through Route Service

Open Command Prompt and Login to your CF instance

cf login -a https://api.cf.eu20.hana.ondemand.com

Construct the bind-route-service Command in the below format.

cf bind-route-service <CF_Domain> <APIM Route Service Instance> --hostname <CF APP Host Name> -c <optional Paramater for API Proxy Name>

Parameter	Value
CF_Domain	Domain Name of Cloud Foundry Instance, for instance, my app is running in echoservice.cfapps.eu20.hana.ondemand.com so the domain is “cfapps.eu20.hana.ondemand.com“
APIM Route Service Instance	Name of the apim-as-route-service created in the previous step
CF APP Host Name	Host Name of CF APP, for instance, my App is running in echoservice.cfapps.eu20.hana.ondemand.com so the Host is “echoservice“
Optional Parameter	To Name Auto Created API proxy with a name of your choice. Format: {\”api_name\” : \”<API Proxy Name>\”}

Execute the bind-route-service Command

cf bind-route-service cfapps.eu20.hana.ondemand.com CFAPIM-RouteS --hostname echoservice -c "{\"api_name\" : \"EchoService\"}"

Verify if an API Proxy with the Name “EchoService” was created in CF API Portal.

4. Attaching Policy of your choice to the Generated API Proxy

For the demonstration, I will protect this API with an API Key Policy.

Open the API Proxy in CF API Portal and select on Policy to open Policy Editor.

Attach Verify API Key Policy to Proxy Endpoint – PreFlow

<VerifyAPIKey async='true' continueOnError='false' enabled='true' 
xmlns='http://www.sap.com/apimgmt'>
	<APIKey ref='request.header.APIKey'/>
</VerifyAPIKey>

Update and Save API Proxy

5. Conclusion

Now the CF Apps API traffic is routed through API Management always. With the Verify API Key Policy, we have enabled API Key based security to the CF Application. Similarly, we can attach Rate Limiting, Spike Arrest, Caching, etc to API Proxy and protect the CF APP. This Route Service thus enable us to handle such API Security / Traffic Management requirement in API Management service, instead of coding them in every single Micro Service.

In subsequent blogs, we will see how to connect to CF Apps secured with XSUAA through SAP APIM Management.

2 Comments

You must be Logged on to comment or reply to a post.

Ramesh Vodela

December 17, 2020 at 4:43 pm

Santosh

I am using the trial cloud foundry account and wanted to try out the final step of Creating Product/Application and subscription.

I could create Product - But in the Developer portal on the trial version when I create an application there are errors - This was working fine in the NEO environment.

Best regards

Ramesh

Minh Tri Le

January 13, 2023 at 11:00 am

Hi Santhosh Kumar Vellingiri,

Thanks for a great blog.

May I know if you have any blog for connecting to CF Apps secured with XSUAA through SAP APIM Management?

Regards,

Tri