Receive Callback on API Gateway

Hello Everyone,

I just Want your suggestion, can Software AG API Gateway version 10.11, receives callback from any API or service.

Can you elaborate a bit more on your overall scenario?

Callbacks are often named that because of this:

  1. Some application (we’ll call it ABC) makes a call to some other application (we’ll call it XYZ). Within the payload there is a URL.
  2. The XYZ application uses the URL from ABC to make a “callback” – an async response.

In this case, if the URL refers to an API GW-hosted endpoint, then it will work. The endpoint has no idea it is a “callback”. It’s just an endpoint.

If your scenario differs from this, please share the details.

1 Like

Dear @reamon I do have a similar question .

Application calls an API through API Gateway. The payload of this API contains the business data & a callback url . The application expects the API server to callback that URL once the processing is complete. The callback also should go through the API Gateway. So in this case we need to modify the Callback URL sent by application & replace it with API Gateway URL.

As per webMethods gateway there is function called callback processing. Can we use this feature for this usecase. I tried to implement this , however i could not find how does it actually work.

Thanks

@mvsuhas API Gateway by default wrap the client request with callback URL with APIGateway and send to native to track the request in Gateway. So you do not have to modify the callback URL sent by application.

All you have to do is to define the callback URL to your operation/resource by accessing the same from client request {$request.body.callback}
Below are the API Gateway callback URL setup

Process all API callback requests settings from API Gateway

This enables API Gateway to accept all the API callback requests coming from the client and wraps these requests with its own URL before it routes these requests to the native API. This option is selected by default.

When this setting is disabled, the request from the client reaches the native API, as is, without the API Gateway wrapping it with its own URL. So, when the native API sends out the callback request to the client it directly reaches the client and API Gateway is unable to track such events

1 Like

Dear @DINESH_J Thanks for the inputs. I need some clarification on how does it work

Let us assume that an
API is being consumed by 2 different applications App X & App Y.
Both are passing the callback URLs https://appX:443/callback & https://appY:443/callback.
Now, Gateway replaces it two https://gateway:5443/callback
So when , that callback is received on gateway, how does it determine the original call back url. Do we need to ask client to pass any particular identifier like co relation id?

Thanks
Suhas

@mvsuhas Let consider you have sum API with resource /processSUM which takes input from multiple consumer and your resource callback configuration as below

Consumer 1 sends request with callback URL as below
{
“Number1”: 1,
“Number2”: 19,
“callback”: “https://hostnameport/callback/xyz/resultofCustomer1
}

Consumer 2 sends request with callback URL as below

{
“Number1”: 1,
“Number2”: 20,
“callback”: “https://hostnameport/callback/xyz/resultofCustomer2
}

When request lands at native service they will still get the values of original “callback” URL which sent by the consumer 1 & 2 respectively to native service to take further action. Also I do see there is no need for consumer to send request with correlation ID to differentiate the callback URL . I would suggest you to do simple POC with your business Use Case to see the outcome.

@DINESH_J

In my case the server / native API uses the callback url that it receives in the request to send back the response

Case 1 : Original Callback URL is sent to native API. In this case the call back does not come to gateway.

Case 2 : Original URL is changed (replace with gateways host) so that the callback comes to gateway. In this case, How will gateway come to know to which client it should be sent ?

Hope these diagrams help you to understand my case.

What is the purpose of case 2? Why should that call go through API GW? Sure, the callback is related to a request that came through GW but the async response does not need to. – API GW isn’t responsible for managing access to that external client.

If you really want this to go through the GW, you’ll want to keep the original host somewhere in the modified URL as a parameter (encoded). And when the application makes the call to GW, the GW uses that parameter to forward the call.

Lots of security things to be concerned about there, so be careful.

[Edit] API GW supports this directly, so no need to do any custom wrapping/replacement of the callbackUrl (a conventional name defined by OpenAPI). Personally, I still wouldn’t do this. I understand that some may see value in tracking the callback but at this point, I don’t see a compelling case for it.

@reamon

The requirement here is to track the call backs in gateway . The systems here are with in the internal network. I think below feature mentioned in the document is for the similar use case. Please correct me if i am wrong . But i could not understand how it works. It would be great if you can guide me on below setting and how it works

3.Select Process all API callback requests.

This enables API Gateway to accept all the API callback requests coming from the client and wraps these requests with its own URL before it routes these requests to the native API. This option is selected by default.

When this setting is disabled, the request from the client reaches the native API, as is, without the API Gateway wrapping it with its own URL. So, when the native API sends out the callback request to the client it directly reaches the client and API Gateway is unable to track such events.

I think you assume url replacement as below:

inbound
callbackURL → apigatewayURL

outbound
apigatewayURL → callbackURL

It should be rather like below:

inbound
callbackURL → apigatewayURL?callbackURL

outbound
apigatewayURL?callbackURL → callbackURL

I hope this clarifies it for you.

In documentations, it says wraps, not replaces. First diagram is replacement, second diagram is wrap visualized. Assume callbackurl is url encoded when passed down as parameter.

3 Likes

Thanks All for your inputs.

I found API Gateway is replacing the URL with its own URL (Wrapped URL) . Gateway generates in own URL as below & then replaced it in the parameter that we specify

For example,

Call back URL sent by consumer in Request : client.com is for sale | www.oxley.com
Callback URL wrapped by Gateway & sent to native API : https://gwhost:5543//https://client.com/callback