Cloud API Gateway¶
The Cloud API Gateway, hosted by Jitterbit, handles these API Manager security features and tasks involved in accepting and processing API Manager API calls:
- Traffic management
- Authorization and access control
- Rate limiting
- API payload processing
The Cloud API Gateway is managed, maintained, and hosted by Jitterbit Harmony and does not require any configuration. API Manager security features are configured at the API level or security profile level and are cached on the API Gateway, which are then referenced during API runtime as described below.
Cloud API Gateway System Architecture¶
This diagram displays the system architecture of a Custom API deployed using a Cloud Agent and the Cloud API Gateway:
An API consumer makes a call to the API located at the Cloud API Gateway.
The Cloud API Gateway references the cached security profiles (if applicable) and API metadata to perform authentication and access control tasks. If access to the API is denied, the Cloud API Gateway will return an appropriate HTTP response and status to the API consumer. If access to the API is granted, the API request is routed to the messaging service, which routes requests for Agent Groups.
The Cloud Agent receives the request from the messaging service.
The Cloud Agent references the API operation specified during the Custom API configuration and triggers the deployed operation.
The operation responds with an API payload consistent with the response type selected during the Custom API configuration.
The API response payload is routed from the Cloud Agent back to the Cloud API Gateway, which extracts the API payload and sets the final HTTP response and status. The HTTP response and status is sent to the API consumer.
Unless the operation being triggered by the API call is using temporary storage, the API response payload will remain on the agent for a maximum of two days. The API response payload will remain on the Cloud API Gateway for no longer than the API Gateway timeout of 15 seconds.
Runtime status information and logs of running operations are sent to the transaction logs database.
Consumer data is not stored in the transaction logs database unless debug mode is enabled during Custom API configuration.