becu-interop-platform-api

1.0.x
(0 reviews)

Publish Asset

Description

This page consists of the information regarding the operations performed to publish an asset to Exchange and the creation of an proxy for the published Asset.

This API can be leveraged to publish an external API/Asset in Exchange and Create an API Proxy deployed in Mulesoft Hosted Runtime - CloudHub

Endpoints

  • POST /assets/publish
  • PUT /assets/publish

API Design Endpoint Sequence Diagram

BECU Interop Platform API orchestrates API calls to the internal-Anypoint exchange APIs and Mulesoft Platform APIs to publish assets and deploy API Proxy.

resources/image-cc4cd1c3-0855-4776-ba45-955f31a2a7b2.png

Asset Publishing

Asset publishing and updating is accessible under the POST /assets/publish endpoint, and a required flag createProxy must be passed as a header with a value of true or false.

The flag createProxy will determine if the asset will only be onboarded in Exchange or onboarded in Exchange and a proxy is deployed in API Manager and Runtime Manager. If the flag is set to true a call to the Anypoint Platform Access Management API will be made to fetch the business group environmentId, so the asset can be deployed to the correct environment.

In order to publish the asset to the correct bussiness group, the businessGroupId is required to be passed in both organizationId and groupId in the request body.

Available Policies

When publishing an asset, Anypoint API Manager offers many out-of-the-box API-Level policies to easily enforce to an API, available policies are:

Security Policies
  • OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider: Allows access only to authorized client applications
  • JWT Validation: Validates a JWT, all calls to the API must include a JWT
  • Tokenization: Transforms sensitive data into a nonsensitive equivalent, named token
  • Detokenization: Returns a tokenized value to its original value
  • OpenID Connect Access Token Enforcement: Allows access only to authorized client applications
  • Basic Authentication Simple: Allows access based on the basic authorization mechanism, with a single user-password
  • JSON Threat Protection: Protects against malicious JSON in API requests
  • XML Threat Protection: Protects against malicious XML in API requests
  • Basic Authentication LDAP: Allows access based on the basic authorization mechanism, with user-password defined on LDAP
  • IP Allowlist: Allows a list or range of specified IP addresses to request access
  • IP Blocklist: Blocks a single IP address or a range of IP addresses from accessing an API endpoint
Quality of Service Policies
  • HTTP Caching: Caches HTTP responses from an API implementation
  • Rate Limiting SLA-based: Monitors access to an API by defining the maximum number of requests processed within a timespan, based on SLAs
  • Spike Control: Regulates API traffic
  • Rate Limiting: Monitors access to an API by defining the maximum number of requests processed within a period of time
Compliance Policies
  • Client ID Enforcement: Allows access only to authorized client applications, API calls must include client ID and secret
  • Cross-Origin Resource Sharing (CORS): Enables access to resources residing in external domains
Transformation Policies
  • Header Injection: Adds headers to a request or a response
  • Header Removal: Removes headers from a request or a response
Troubleshooting Policies
  • Message Logging: Logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint

Refer to the following documentation link for in-depth information about available policies: Policy Directory

Asset Versioning

BECU Interop Platform API enables users to update assets and increase their minor or major versions. There are two key value pairs in the request that define versioning: version and apiVersion.

In order to publish the asset to the correct business group, the businessGroupId is required to be passed in both organizationId and groupId in the request body.

Header Configuration

Asset versioning and updating is accessible under the PUT /assets/publish endpoint, and a required flag createProxy must be passed as a header with a value of true or false.

An env header must be passed to select the environment in which the desired asset to update is located.

  • When passed env is dev and createProxy == true, the asset will be updated in Exchange, API Manager instance will be updated, and the application re-deployed in Runtime Manager.
  • When passed env is dev and createProxy == false, only asset in Exchange will be updated.
  • When passed env is test or prod and createProxy == true, Exchange update will be skipped, API Manager instance will be updated, and the application re-deployed in Runtime Manager.
  • When passed env is test or prod and createProxy == false, asset in Exchange will be updated, API Manager instance will be updated, and the application re-deployed in Runtime Manager.

Below is a list of versioning use cases:

For Asset Version Update (Minor version)

The key value pair holding the minor version is the field version.

The user is able to update the version of an asset using Semver specification, for example: updating version 1.0.0 to 1.0.1. The description, policies, API Spec and implementation URL (or assetLink) can be updated.

Updating an asset in Exchange only

  • Request the PUT /assets/publish with a createProxy header as false
  • BECU Interop Platform updates the asset Exchange and updates its version.

Updating an asset

  • Request the PUT /assets/publish with a createProxy header as true
  • BECU Interop Platform updates the asset in Exchange and API manager, and re-deploys the proxy in Runtime Manager

For API Version Update (Major version)

The key value pair holding the major version is the field apiVersion.

The user is able to upgrade the apiVersion of an asset from v1 to v2. Doing so will release a new "v2" asset and maintain the previous major version available.

When updating the major version, the minor version's field version must be set to the major version's number, for example: upgrading an asset to "v2" would require version field as 2.0.0 or "v3" as 3.0.0.

Adding a major version of an asset

  • Request the POST /assets/publish with a createProxy header as true and change the apiVersion to "v2" or a desired major version value (with a "v" and a number)
  • A new instance will be registered in Exchange and API Manager with the same name but different major version

Restrictions

  • Connectors & Common API Dependency

The BECU Interop Platform API, is consuming multiple connectors and Anypoint Platform REST APIs.

Below are the list of connectors which this API is consuming:

  • HTTP Connector
  • Transform Message
  • JSON Logger

Downstream Dependencies

Anypoint Platform REST APIs

Anypoint Platform Login API

Anypoint Exchange API for

  • Publish Asset
  • Register Asset to API Manager
  • Deploy Proxy
  • Apply Policy

Reviews