4 minute read
This section describes various tasks that you might perform after installing API Gateway. This includes how to check if an installation has been successful, any initial configuration needed before you can start API Gateway, what you should do to secure API Gateway, and so on.
Verify the installation
To verify your installation, follow these guidelines.
Check the installation log
You can examine the installation log in the root directory of the installation (for example,
Start API Gateway components and tools
- To start the API Gateway server and Admin Node Manager and to log in to the API Gateway Manager web-based administration tool, see Start API Gateway.
- To start the Policy Studio desktop tool, see Start Policy Studio.
- To log in to the API Manager web-based tool, see Start API Manager.
- To start the Configuration Studio desktop tool, see Start Configuration Studio.
- To set up and start the API Gateway Analytics server, and to log in to the API Gateway Analytics web-based tool, see the API Gateway Analytics User Guide.
Depending on the installation options you selected, the following tasks might need to be completed before you can start API Gateway.
Create a new domain
If you did not install the QuickStart tutorial, you must use the
managedomain script to create a new managed domain that includes an API Gateway instance. You can run the script from the following directory
For more details on running
managedomain, see Configure an API Gateway domain.
Run API Gateway on privileged ports
API Gateway is run as a non-root user to prevent any potential security issues with running as the
root user. To enable API Gateway to listen on privileged ports when running as non-root, you must perform the steps in Run API Gateway on privileged ports. If you do not perform these steps, the following error is reported during API Gateway startup:
ERROR ... failed to listen on address 0.0.0.0/80: Permission denied. can't bind socket to address
Set up a metrics database for API Manager or API Gateway Analytics
If you installed API Manager, see Install and configure a metrics databases.
If you installed API Gateway Analytics, see the API Gateway Analytics User Guide.
Secure API Gateway
Perform the following tasks after installation to secure your API Gateway system and protect the API Gateway environment from internal or external threats.
Change default passwords
If you did not set an administrator user name and password during installation, you should change the default administrator user name and password now. For details, see Manage administrator users.
Change default certificates
The default certificates used to secure API Gateway components are self-signed. You can replace these self-signed certificates with certificates issued by a Certificate Authority (CA) For details, see Manage certificates and keys.
Encrypt API Gateway configuration
By default, API Gateway configuration is unencrypted. You can specify a passphrase to encrypt API Gateway instance configuration as detailed in Configure an API Gateway encryption passphrase.
Change default session timeout for API Gateway Manager
The default idle session timeout for the API Gateway Manager web UI is 12 hours. It is recommended that you change this timeout to 120 minutes or less:
- Open the file
- Edit the property
env.WEBMANAGER.SESSION.TIMEOUT. The property value is in milliseconds. The default value is 43200000 (12 hours).
- Restart API Gateway for the updates to be applied.
Where to go next
For additional procedures you can perform to secure your API Gateway, see the API Gateway Administrator Guide.
For more information on the security features of API Gateway and best practices for strengthening the security of API Gateway, see the API Management Security Guide.
Set up services
This section explains how to run various components as services.
You can run Node Managers and API Gateway instances as services using the
managedomain script. To register a Node Manager or an API Gateway instance as a service
on Linux, you must run the
managedomain command as
root. For example:
- Node Manager: Enter
managedomain --menu, and choose option 2,
Edit a host.
- API Gateway instance: Enter
managedomain --menu, and choose option 10,
Add script or service for existing local API Gateway.
Alternatively, you can run
managedomain in command mode with the
--add_service option to create a service for a Node Manager or API Gateway instance.
For more details on
managedomain, see managedomain command reference.
API Gateway Analytics
You can also run the API Gateway Analytics server as a service by creating a script. A sample script and ReadMe is provided in the following directory:
For details on running Apache Cassandra as a service, see Install an Apache Cassandra database.
Set up clustering
To set up API Gateway for high availability, you need to configure an external Apache Cassandra database for clustering. For more information, see the following topics: