Exposing B2B Channels as APIs

Bharath_Meka1 · April 29, 2020, 10:58am

1. Introduction

This article explains how to expose B2B channels as an API. This article requires a prior understanding of REST.

Why does a customer need to expose B2B Channels?

To provide different types of authentication/authorization (for e.g. Kerbos,OAuth2,JWT,OpenID), as of now B2B supports only basic authentication.
To apply different threat protection policies to prevent malicious attacks (such as DOS, denied IP’s) on the applications.
Protect your applications that also involve large and recursive payloads and SQL injections.
To subject your API calls to prevent anti-virus scans.
To Enable RESTful API enabled B2B communication.
To avoid exposing native endpoint in cloud.
If a partner in B2b cloud wants to use REST on top of their existing and wants to have more security on b2b communication

2. Pre-Requisites

Create enterprise and partner in webMethods.io B2B cloud.
Create Inbound channel and processing rule.
Refer to WEBMETHODS.IO B2B TUTORIALS AND GUIDES

How to expose the B2B channel in API gateway?

Login to API gateway and create an API with a B2B inbound channel endpoint.

Add the resources and methods as shown below.

Select the methods as POST and pass the channel_id as the parameter. Copy the channel id from webmethods.io B2B -> channels page.

Add the below method parameters for posting the EDI inbound message from the API Portal.

Policy Recommendations:

Policy

Description

Recommended

Comments

API Gateway

Identify & Access

This policy is applicable across all resources / methods / operations of that particular API.

Yes

For API Developers

Threat Protection

Every API call first go to threat protection layer.(for eg : Denial service by IP)

Case by case

For eg:

Define max payload size that is allowed to be consumed.

Traffic monitoring

Policy to monitor SLA, service performance, alert

Case by case

If you want to monitor partner throttling traffic (who and from where they are calling the API)

Transport

Enable specific HTTP/HTTPS protocol or set any media type

Yes

Run time Invocation from API Portal

After applying the above policies save the API and publish it to the API Portal.

After publishing to the portal and run the API by clicking the Try API button. In this example, we are providing the body content as below. (you should get response 200 OK)

Topic	Replies	Views
Understanding webMethods.io B2B Channels - HTTP IN and HTTP OUT Knowledge base webMethods , B2B-Integration	703	August 20, 2020
API Gateway topics on key features in API Gateway Knowledge base webMethods , API-Management , API-Gateway	2393	April 19, 2020
B2B as a Service: Connect a Partner via webMethods.io B2B Knowledge base webMethods , webMethods-io-B2B , B2B-Integration , webMethods-io-Integration	1861	December 14, 2021
webMethods.io B2B first steps, tutorials and guides Knowledge base webMethods , webMethods-io-B2B , B2B-Integration	2174	September 26, 2019
Hybrid B2B: Bring your Business to Business platform to the cloud Knowledge base newsletter , webMethods , webMethods-io-B2B , B2B-Integration , Integration-Server-and-ESB , webMethods-io-Integration	2095	December 15, 2021