JWT protected API testing in API Portal published from API Gateway

webMethods API Portal tutorial

Introduction:

An administrator must follow the instructions in this document to enable the JWT settings in API Gateway and publish a JWT protected API to API Portal. Once these steps are complete, API consumers can request JWT tokens and test the APIs from the API Tryout page.

Steps:

Complete the setup by following these steps:

  1. Check JWT settings in API Gateway
  2. Configure KeyStore & TrustStore in API Gateway
  3. Create JWT provider in API Gateway
  4. Create HTTPS port in API Gateway
  5. Configure API Portal & API Gateway information in Destinations tab of Administration page in API Gateway
  6. Publish JWT protected API to API Portal
  7. Tryout JWT protected API from API Portal

Check JWT settings in API Gateway

  1. Log in to API Gateway (http://localhost:9072/apigatewayui) as Administrator and go to the Administration page.
  2. Under the "General" tab, click the "Extended settings" section.
  3. In the list of settings shown, look for "pg_JWT_isHTTPS" and make sure it is set to "true".

Configure KeyStore & TrustStore in API Gateway

  1. Log in to API Gateway (http://localhost:9072/apigatewayui) as Administrator and go to the Administration page.
  2. Click the "Security" tab.
  3. Under the "Keystore/Truststore" section, either add a new keystore or truststore by clicking the "Add..." button, or use the default IS keystore and truststore, which are already configured.
  4. Under "Configure keystore and truststore settings", select the respective keystore and truststore aliases in the dropdowns.

Create JWT provider in API Gateway

  1. Go to the Administration page, click the "Security" tab and then the "JWT" section.
  2. Under the JWT configuration section, provide the "Token issuer" name, "Algorithm", "Expiry duration" and "Keystore alias" information, then click the "Save" button.

Create HTTPS port in API Gateway

  1. Log in to API Gateway (http://localhost:9072/apigatewayui) as Administrator and go to the Administration page.
  2. Click the "Security" tab and then the "Ports" section.
  3. Click on "Add ports" button, select type as "HTTPS" and click "Add" button.
  4. Provide value for "Port", "Alias", select Keystore alias and Truststore alias under "Listener specific credentials" section and click "Add" button.
  5. Once the newly created port is listed in "Ports" page, click on "x" mark to enable the port.
  6. In the confirmation popup, click on "Yes" to enable the port.

Configure API Portal & API Gateway information in Destinations tab of Administration page

  1. Go to the Administration page and click the "Destinations" tab.
  2. Click the "API Portal Configuration" section.
  3. Provide the required API Portal and API Gateway instance information (make sure the HTTPS URL of the Gateway is provided) and click the "Publish" button.

Publish JWT protected API to API Portal

  1. Log in to API Gateway and import a SOAP or REST API.
  2. In the API details page, click the "Edit" button and then the "Policies" tab. Expand the "Identify & Access" section, add the "Identify & Authorize Application" policy and select "JWT" under "Identification Type" of this policy.
  3. Save the API changes, activate the API and publish it to API Portal.

Tryout JWT protected API from API Portal

  1. Log in to API Portal and go to the API details page of the JWT protected API.
  2. In the API details page, click the "Get access token" link.
  3. In the "Request API access token" popup, provide the Application name and click the "Request token" button.
  4. In the API details page, click the "Try API" button to go to the API tryout page. On the tryout page, the requested access token is listed under the "Applications" dropdown. Click the "Get JSON Web Token" button to get a JWT token.
  5. In the JWT popup, provide API Gateway administrator credentials and click the "OK" button. The generated JWT token is listed under the "Available tokens" section.
  6. Click the "Test" button. The API is invoked using the JWT token selected under the "Available tokens" section and the response is shown.
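
The following is an added example, not part of the original tutorial or of the webMethods product: a Python check that decodes a generated JWT and compares its header and claims with the "Token issuer", "Algorithm" and "Expiry duration" values entered in the JWT provider step. The issuer name "example-issuer", the algorithm "RS256", the lifetime in seconds and the presence of an "iat" claim are assumptions, and the sample tokens are constructed.

```python
import base64
import json
import time

def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_jwt(token, expected_issuer, expected_alg, max_lifetime_s, now=None):
    """List mismatches with the provider settings. The signature is NOT verified."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return [f"undecodable header or payload: {exc}"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must be JSON objects"]
    problems = []
    alg = header.get("alg")
    if alg != expected_alg:  # also catches "none" and unexpected HMAC algorithms
        problems.append(f"alg is {alg!r}, provider is configured for {expected_alg!r}")
    if not parts[2]:
        problems.append("signature segment is empty")
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {expected_issuer!r}")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)):
        problems.append("exp claim missing or not numeric")
    elif exp <= now:
        problems.append("token is expired")
    if isinstance(exp, (int, float)) and isinstance(iat, (int, float)) and exp - iat > max_lifetime_s:
        problems.append(f"lifetime {exp - iat:.0f}s exceeds configured {max_lifetime_s}s")
    return problems

def make_sample(header, claims):
    """Build a constructed sample token with a placeholder (invalid) signature."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"

NOW = 1_700_000_000  # constructed reference time (seconds since epoch)
GOOD = make_sample({"alg": "RS256", "typ": "JWT"}, {"iss": "example-issuer", "iat": NOW, "exp": NOW + 3600})
BAD = make_sample({"alg": "none"}, {"iss": "other", "iat": NOW, "exp": NOW + 86400})
if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("bad", BAD)):
        print(name, inspect_jwt(tok, "example-issuer", "RS256", 3600, now=NOW))
```

This only inspects the token contents; checking the signature against the certificate behind the configured keystore alias requires a JWT library and is a separate step.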