Skip to Content
Technical Articles

SAP APIM – Route Service to Manage Cloud Foundry Apps

SAP API Management on Cloud Foundry allows you to Design, Secure, Publish, Monitor, and Monetize APIs of your Enterprise. Additionally, there are also below APIM Services on Cloud Foundry to provides different capabilities via plans.

  • API Management, API portal – apim-as-route-service
  • API Management, API portal – on-premise-connectivity
  • API Management, API portal – apiportal-apiaccess
  • API Management, Dev Portal – devportal-apiaccess

Read the Blog Service Plan of SAP API Management in Cloud Foundry Environment for more information on the Service Plans.

In this blog let us see about API Portal Route Service Plan to manage the application deployed on Cloud Foundry. Route services are to help Micro Service Developers remove the burden of implementing the common function such as rate-limiting, authorization, caching, etc on the Micro Service. Instead, a Marketplace service like SAP APIM can be used for it.

In my previous blog SAP CPI – HTTP Tracing using Own Echo Service I deployed an Application on cloud foundry. In this blog let us take that Application as an example and see how to bind that to SAP API Management on CF. When this is done the CF router will make sure the API traffic is always routed to API Proxy irrespective of Micro Service URL or Proxy URL used. This allows us to apply the required APIM OOTB Policies to the API request and response.

Below is the before and after architecture representation.

Prerequisites

1. Adding API Portal Route Service Plan Entitlement

  1. From SCP Cockpit, open the Subaccount and Navigate to Entitlements –> Configure Entitlements –> Add Service Plans.
  2. Choose API Management, API portal Entitlement, and apim-as-route-service from the Available plan.

2. Creating Route Service Instance

  1. Navigate to Spaces in Cloud Foundry Subaccount and choose Services –> Service Marketplace
  2. Now choose API Management, API portal –> Create Instance
  3. Select Service Plan as apim-as-route-service
  4. Name the Service Instance and Click Create Instance

3. Binding CF App to API Management through Route Service

  1. Open Command Prompt and Login to your CF instance
    cf login -a https://api.cf.eu20.hana.ondemand.com​​

     

  2. Construct the bind-route-service Command in the below format.
    cf bind-route-service <CF_Domain> <APIM Route Service Instance> --hostname <CF APP Host Name> -c <optional Paramater for API Proxy Name>​
    Parameter Value
    CF_Domain Domain Name of Cloud Foundry Instance, for instance, my app is running in echoservice.cfapps.eu20.hana.ondemand.com so the domain is “cfapps.eu20.hana.ondemand.com
    APIM Route Service Instance Name of the apim-as-route-service created in the previous step
    CF APP Host Name Host Name of CF APP, for instance, my App is running in echoservice.cfapps.eu20.hana.ondemand.com so the Host is “echoservice
    Optional Parameter To Name Auto Created API proxy with a name of your choice.
    Format: {\”api_name\” : \”<API Proxy Name>\”}
  3. Execute the bind-route-service Command
    cf bind-route-service cfapps.eu20.hana.ondemand.com CFAPIM-RouteS --hostname echoservice -c "{\"api_name\" : \"EchoService\"}"​

  4. Verify if an API Proxy with the Name “EchoService” was created in CF API Portal.

4. Attaching Policy of your choice to the Generated API Proxy

For the demonstration, I will protect this API with an API Key Policy.

  1. Open the API Proxy in CF API Portal and select on Policy to open Policy Editor.
  2. Attach Verify API Key Policy to Proxy Endpoint – PreFlow
    <VerifyAPIKey async='true' continueOnError='false' enabled='true' 
    xmlns='http://www.sap.com/apimgmt'>
    	<APIKey ref='request.header.APIKey'/>
    </VerifyAPIKey>​

  3. Update and Save API Proxy

5. Conclusion

Now the CF Apps API traffic is routed through API Management always. With the Verify API Key Policy, we have enabled API Key based security to the CF Application. Similarly, we can attach Rate Limiting, Spike Arrest, Caching, etc to API Proxy and protect the CF APP. This Route Service thus enable us to handle such API Security / Traffic Management requirement in API Management service, instead of coding them in every single Micro Service.

In subsequent blogs, we will see how to connect to CF Apps secured with XSUAA through SAP APIM Management.

Be the first to leave a comment
You must be Logged on to comment or reply to a post.