Learn about the features and functions available in the Red Hat OpenShift API Management cloud service.
What is OpenShift API Management
Red Hat OpenShift API Management is a cloud service for creating, securing, and publishing your APIs. The OpenShift API Management service is an add-on for Red Hat OpenShift Dedicated and Red Hat OpenShift Service on AWS. The service is based on the Red Hat 3scale API Management platform and also includes an implementation of Red Hat Single Sign-On.
Understanding Red Hat 3scale API Management
Application Programming Interface (API) management refers to the processes of distributing, controlling, and analyzing the APIs that connect applications and data across cloud environments.
Red Hat OpenShift API Management provides a management platform that allows users to share, secure, distribute, control, and monetize APIs. After setting up authentication and user accounts, OpenShift API Management developers, also referred to as API providers, can configure, and publish their APIs.
The main OpenShift API Management components include:
APIcast - the 3scale API gateway
Admin Portal - the 3scale console that API providers work in
Developer Portal - the interface for API consumers
Red Hat Single Sign-On - for authenticating access to the Developer Portal as well as to APIs
The following image shows how these components work together to provide the service.
API providers are developers who work in the 3scale Admin Portal, for which an administrator has given them accounts. API providers also work in the OpenShift Dedicated cluster to deploy applications, such as a backend for service API requests. API providers create and publish APIs, and can configure Red Hat Single Sign-On authentication to secure APIs. 3scale separates APIs into two main groups:
Backends are internal APIs bundled in a product. Backends grant API providers the freedom to map internal API organization structures to 3scale. A backend contains a private URL for an internal API. It is exposed through mapping rules and the public URL of one or more 3scale products.
Products are customer-facing APIs. Products facilitate the creation of robust yet simplified offerings for API consumers. A product includes application plans and configuration of the APIcast gateway. A product can bundle multiple backends.
When a 3scale product is ready for use, an API provider publishes it in the Developer Portal. API consumers visit the Developer Portal to subscribe to a plan that enables them to use the 3scale product that contains that API. Consumers can then call the API’s operations, subject to any usage policies that may be in effect.
Understanding Red Hat Single Sign-On
Red Hat Single Sign-On provides single sign-on (SSO) authentication to secure web applications. You use this SSO implementation to control access to 3scale Developer Portals and to 3scale API products. It is not supported as a company-wide SSO solution.
How to set up OpenShift API Management
A Red Hat OpenShift Dedicated cluster administrator sets up the cluster and identity provider and adds the OpenShift API Management service to a cluster. Then, you configure the service users.
If desired, you can customize APIcast, which is the interface that handles calls to a 3scale API product.
In Red Hat OpenShift API Management documentation, ignore content for 3scale Hosted (SaaS). It does not apply to OpenShift API Management.
Configure an identity provider
If an identity provider is already configured, there is no need to configure another one. Otherwise, you must choose and configure an identity provider, which can be LDAP, GitHub, GitHub Enterprise, Google, or OpenID Connect.
Add OpenShift API Management
Adding OpenShift API Management to a cluster makes the service available for use by 3scale API providers. You can add OpenShift API Management to an OpenShift Dedicated cluster, or to a OpenShift Service on AWS cluster.
Adding OpenShift API Management to your Red Hat OpenShift Service on AWS cluster
Configure 3scale API provider account permissions
In the 3scale Admin Portal, configure account permissions so that API providers in your organization can create, configure, and launch 3scale API products.
When a new user logs in to the OpenShift Dedicated cluster by using the configured identity provider, the user automatically receives an OpenShift account with permission to access OpenShift API Management.
You manage these accounts in the 3scale Admin Portal.
By default, Single Sign-On is configured for 3scale in OpenShift API Management.
How to use OpenShift API Management
Use OpenShift API Management to create, secure, and publish your APIs.
Get started with 3scale
You can use the 3scale wizard to start learning about how to add and test a 3scale API product.
Create and configure an API
In the 3scale Admin Portal, create and configure an API to ensure that access is protected by API keys, tracked, and monitored by 3scale with basic rate limits and controls in place.
This involves the following steps:
Create API backends
Create API products
Create mapping rules and application plans to define a customer-facing API product
Configure API access rules
Mapping rules define the metrics or methods to report. Application plans define the rules such as limits, pricing, and features for using an API product. An application subscribes to an application plan.
Configure APIcast policies
APIcast is the 3scale API gateway, which is the endpoint that accepts API product calls and routes them to bundled backends. OpenShift API Management provides APIcast staging for developing and testing APIs and also APIcast production, for published APIs.
APIcast policies are units of functionality that modify how APIcast operates. Policies can be enabled, disabled, and configured to control APIcast behavior. Use custom policies to add functionality that is not available in a default APIcast deployment.
Secure your API
If you want to secure your API by using OpenID and OAuth, then in the Red Hat Single Sign-On Admin Console, create a Red Hat Single Sign-On realm. An SSO realm is required to manage authentication for access to the Developer Portal and 3scale API products.
In the 3scale Admin Portal, set up authentication to control access to your API product and to the 3scale Developer Portal.
Set up a 3scale Developer Portal
A well-structured developer portal and great documentation are key elements to assure adoption. A developer portal is the main hub for managing interactions with API consumers and for API consumers to access their API keys in a secure way.
In the 3scale Admin Portal, add OpenAPI Specification 3.0 conforming documents for use in a Developer Portal. API consumers use the Developer Portal to access the APIs defined in these documents.
Then, configure the Developer Portal and add your APIs.
Discover and import APIs available in your OpenShift Dedicated cluster
Set up monitoring and analytics for your API
You can designate methods in your API and add metrics to set access limits for any of an API product’s application plans. For an API backend, methods and metrics can be used to set access limits in the application plan of any API product that bundles the backend.
Launch the API product
After you have configured and secured your API and created a Developer Portal, you can launch your API so that consumers can begin to use it.
Monitor your API
After your API is launched, you can monitor metrics that indicate how it is being used. Knowing how a 3scale API product is used is a crucial step for managing traffic, provisioning for peaks, and identifying the users who most often send requests to the API product.
Get OpenShift API Management
To get OpenShift API Management, you can add it to your OpenShift Dedicated cluster or OpenShift Service on AWS cluster. To learn more, go to https://cloud.redhat.com/application-services/overview.