Exposing B2B Channels as APIs

1. Introduction

This article explains how to expose B2B channels as an API. This article requires a prior understanding of REST.

Why does a customer need to expose B2B Channels?

  • To provide different types of authentication/authorization (for e.g. Kerbos,OAuth2,JWT,OpenID), as of now B2B supports only basic authentication.
  • To apply different threat protection policies to prevent malicious attacks (such as DOS, denied IP’s) on the applications.
  • Protect your applications that also involve large and recursive payloads and SQL injections.
  • To subject your API calls to prevent anti-virus scans.
  • To Enable RESTful API enabled B2B communication.
  • To avoid exposing native endpoint in cloud.
  • If a partner in B2b cloud wants to use REST on top of their existing and wants to have more security on b2b communication

2. Pre-Requisites

How to expose the B2B channel in API gateway?

         Login to API gateway and create an API with a B2B inbound channel endpoint.

 Add the resources and methods as shown below.

Select the methods as POST and pass the channel_id as the parameter. Copy the channel id from webmethods.io B2B -> channels page.

  Add the below method parameters for posting the EDI inbound message from the API Portal.

Policy Recommendations:

Policy Description Recommended Comments

API Gateway

Identify & Access  This policy is applicable across all resources / methods / operations of that particular API. Yes For API Developers
Threat Protection Every API call first go to threat protection layer.(for eg : Denial service by IP)  Case by case

For eg:

Define max payload size that is allowed to be consumed.
Traffic monitoring Policy to monitor SLA, service performance, alert Case by case If you want to monitor partner throttling traffic (who and from where they are calling the API)
Transport Enable specific HTTP/HTTPS  protocol or set any media type  Yes  

Run time Invocation from API Portal

After applying the above policies save the API and publish it to the API Portal.

After publishing to the portal and run the API by clicking the Try API button. In this example, we are providing the body content as below. (you should get response 200 OK)