This article explains how to expose B2B channels as an API. This article requires a prior understanding of REST.
Why does a customer need to expose B2B Channels?
- To provide different types of authentication/authorization (for e.g. Kerbos,OAuth2,JWT,OpenID), as of now B2B supports only basic authentication.
- To apply different threat protection policies to prevent malicious attacks (such as DOS, denied IP’s) on the applications.
- Protect your applications that also involve large and recursive payloads and SQL injections.
- To subject your API calls to prevent anti-virus scans.
- To Enable RESTful API enabled B2B communication.
- To avoid exposing native endpoint in cloud.
- If a partner in B2b cloud wants to use REST on top of their existing and wants to have more security on b2b communication
- Create enterprise and partner in webMethods.io B2B cloud.
- Create Inbound channel and processing rule.
- Refer to WEBMETHODS.IO B2B TUTORIALS AND GUIDES
How to expose the B2B channel in API gateway?
Login to API gateway and create an API with a B2B inbound channel endpoint.
Add the resources and methods as shown below.
Select the methods as POST and pass the channel_id as the parameter. Copy the channel id from webmethods.io B2B -> channels page.
Add the below method parameters for posting the EDI inbound message from the API Portal.
|Identify & Access||This policy is applicable across all resources / methods / operations of that particular API.||Yes||For API Developers|
|Threat Protection||Every API call first go to threat protection layer.(for eg : Denial service by IP)||Case by case||
|Traffic monitoring||Policy to monitor SLA, service performance, alert||Case by case||If you want to monitor partner throttling traffic (who and from where they are calling the API)|
|Transport||Enable specific HTTP/HTTPS protocol or set any media type||Yes|
Run time Invocation from API Portal
After applying the above policies save the API and publish it to the API Portal.
After publishing to the portal and run the API by clicking the Try API button. In this example, we are providing the body content as below. (you should get response 200 OK)