Skip to main content

Integration & IT Modernization

How API Connect Components Interact at Design Time and Run-Time



IBM API Connect – Product Architecture

IBM API Connect is an integrated offering, which provides customers an end to end API life-cycle (Create, Run, Secure and Manager) experience. It provides capabilities to build model-driven API’s , micro-services using Node.js loopback framework , run them either on-premise or on-cloud, secure and manage the same using management, gateway server and developer portal.

In this blog post, I’ll cover the component description, the sort of data they hold and their interaction with each other at design time and run-time.

Management Server provides tools to interface with various servers and holds following data. It runs Cloud Management Console (used by cloud administrator to create, manage and monitor the cloud and lot of other admin tasks) and API Manager portal (used by API developers, Product managers, admins etc.)

  • Configuration (API, Users, Plans, Products etc.)
  • Analytics (API usage, performance etc.)

Gateway Server is an entry point for API calls. It processes and manages security protocols and stores relevant user authentication data, provides assembly functions that enables APIs to integrate with various backend endpoints, and pushes analytics data back to the Management server.

IBM API Connect Supports Two Gateways:

MicroGateway – It’s built on node.js and provides enhancement for the authentication, authorization and flow requirements of an API. It is deployed on API Connect collective and has a limited number of policies available to it.

DataPower – Deployed on either virtual or physical Data Power appliance. It has more built-in policies available to it than MicroGateway and can handle enterprise level complex integrations.

Developer Portal – API providers publish the Products and APIs to the developer portal for application developers to access and use. Application developers need to sign up and register their application to use the APIs.

After registering the application, they can the select appropriate plan(collection of REST api operation and SOAP API wsdl operations) to use with their application . They can test the API using the built-in test tool. They can even view analytics information relating to APIs used by the application.

Developer Toolkit – It provides a command line tool, for creating and testing APIs, loopback application that you can run, manage and secure with IBM API Connect. We can use this to script tasks such as continuous integration and delivery.

Install this either from npm or from a management server in your IBM API Connect cloud. Following this link to take a look at available commands.

API Designer – apic edit command runs the API designer and opens in the default web browser. We can leverage Web GUI to create the  Loopback project, OpenAPI (Swagger 2.0) and secure them. We can create a Product/Plan and after testing the API successfully, we can publish the product, loopback application to Bluemix or On-prem instance.

Design-time Interaction

  • Management server sends XML Management requests to the Gateway server to flush API specific document cache entries when a user updates the API and publishes the product again.
  • Developer Portal sends messages to a Management node to be subscribed to events that occur using the WebHooks subscription service. When an event occurs, a Management server contacts the Developer Portal to inform it that the event occurred and proceeds to send the event data
  • API provider can publish products, loopback applications on On-premise API Connect instances using API Connect Collective from API designer. I’ll cover building loopback applications and how to publish those on Bluemix in future blog posts.

Run-time Interaction

  • Gateway server makes a call to the Management server to fetch the API configuration data if it doesn’t exist in cache. The Gateway uses the DataPower document cache to save API and Catalog  information for a week. 

  • A timed task in Gateway server runs every 15 minutes to check with the Management server to see if anything has changed. If the management server replies that it has, gateway server will refresh the cache entry, otherwise it will not.
  • Gateway server sends analytics data back to the Management server. It discards the analytics data when the management server is down
  • The gateway server returns stale API/catalog entries if the cache entry has expired and the management server is down.


Thoughts on “How API Connect Components Interact at Design Time and Run-Time”

  1. Thank you for posting detailed information..You are giving some

    Your detailed explanation raised couple of question in my mind for below comments
    “Gateway Server is an entry point for API calls. It processes and manages security protocols and stores relevant user authentication data” – I think API Keys are stored in management server and how Gateway server interact with management server to verify keys ?? I tried to figured out what REST call involved in API management log by sending message with invalid Client Id. Any hints in this area ?? how its validated and what reference stored in gateway cache to avoid management for every API request??

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow Us