Enroll a CA API Gateway

This article provides information about enrolling a CA API Gateway after the tenant record is created.
This article provides information about enrolling a CA API Gateway after the tenant record is created.
After a tenant record is created, you must enroll an API Gateway to handle API run-time traffic for example, managing and creating services. The API Gateway is a component that exposes, secures, and manages back-end applications, network systems, or infrastructure through services and APIs.
This article contains the following information:
 
   
 
Before You Begin
Before enrolling an API Gateway, ensure that the following requirements are met:
  • The tenant record must be created. See Create the API Portal Tenant
  • The following tools are correctly installed, configured, secured, and tested:
    • CA API Gateway 9.2.00 CR05 or higher
    • OAuth Toolkit (OTK) version 3.6 or higher
  • The OTK installation has the following properties:
    • No instance modifier.
    • The 
      Shared Portal
       and 
      Internal, Portal
       solution kits are installed. These solution kits, available when installing the OAuth Solution Kit, are required for integrating with the API Portal.
    • The default JDBC connection named 
      OAuth 
      is used.
  • Ensure that no global policies are configured on the API Gateway.
  • Have the API Portal hostname (for example, apim.mycompany.com) mapped in your DNS server or in the hosts file of your Gateway
  • The time on the API Gateway is synchronized with the 
    API Portal
    . Typically, both entities point to the same NTP server.
Before enrolling the API Gateway, take a snapshot of the 
API Portal
 as a backup.
Enroll a Gateway
You can enroll a Gateway on 
API Portal
.
Follow these steps:
  1. In a browser, navigate to the new tenant URL that you defined in enroll.json.
  2. Log in to the 
    API Portal
     as the API Portal administrator using the following default credentials:
    • User: admin
    • Password: 7layer
    Change the default password upon login.
  3. Select the 
    Services
     icon.
  4. Select 
    Publish, Proxies
    .
    The API Proxy page displays.
  5. Select 
    Add Proxy
    .
  6. Enter a name in the 
    Proxy Name
     field.
  7. Select Automatic, On Demand, or Scripted deployment type.
    For more information, see Deployment Types.
  8. Select 
    Create
    .
    The Proxy Enrollment page displays.
  9. In 
    Enrollment URL
    , select 
    Select URL
     and copy the value.
  10. Using the CA API Gateway Policy Manager, connect to your CA API Gateway.
  11. After you are logged in, select 
    Tasks
    Extensions and Add-Ons, Enroll with Portal
    .
  12. Paste the enrollment URL in the 
    Enroll with SaaS Portal
     window and select 
    Apply
    .
  13. Log in to your new tenant Portal, for example,
     mytenant.mycompany.com
    , and then validate that the external tenant displays.
  14. Restart the API Gateway by running 
    service ssg restart
     on the API Gateway server.
Deployment Types
When enrolling a proxy, select one of the following deployment types:
 
  • Automatic – Gateway published APIs must use the automatic deployment type.
  • On-demand
  • Scripted
 See Manage API Deployments for more information about selecting a deployment type.
Post Deployment
After the administrator deploys the 
API Portal
, the following functionalities are available for the users:
  • Publish an API, and view the details of the API from API Catalog page
  • Create and manage users
  • Self-register to Portal and view the APIs
  • Create Organizations and Account Plans
  • Approve or reject requests from the Requests page
  • Perform configurations from the Settings page
  • Only view APIs in the API explorer.
    Because you are not enrolled with API Proxy, you cannot test the APIs from the API Explorer option.
Integrate with API proxy clusters to perform the following tasks:
  • Publish APIs
  • Manage API keys
  • View the analytics data in the Analytics dashboard
  • Test the APIs on Proxy using the API Explorer
Failed Gateway Deployment?
If you tried to enroll an API Gateway with an API Portal but the enrollment failed, clean up the API Gateway and Portal before you try again.
 Use the following procedures whether you set up the API Gateway on AWS or on another cloud or network.
 
To clean up the API Gateway:
 
  1. In the Policy Manager, log in to the Gateway as a Gateway administrator.
  2. On the 
    Tasks
     menu, select 
    Certificates, Keys and Secrets
     and 
    Manage Certificates
    . Use the dialog to remove the TSSG, PSSG and DSSG certificates.
    Do not delete the API Gateway self-signed SSL certificate.
  3. On the 
    Tasks
     menu, select 
    Certificates, Keys and Secrets
     and 
    Manage Private Keys
    . Use the dialog to remove the portalman private key.
  4. On the 
    Tasks
     menu, select 
    Global Settings
     and 
    Manage Scheduled Tasks
    . Use the dialog to remove the following tasks:
    • Portal Sync Application 
    • Portal Sync API 
    • Portal Tenant Sync Policy Template 
    • Portal Sync Account Plan 
    • Portal Bulk Sync Application 
    • Portal Check Bundle Version 
    • Delete Portal Entities 
    • Move Metrics Data Off Box Task 
    • Portal Sync SSO Configuration
  5. On the 
    Tasks
     menu, select 
    Global Settings
     and 
    Manage Cluster-wide Properties
    . Use the dialog to remove all properties that begin with 
    portal.
     
  6. Restart Gateway service.
 
To remove the Portal:
 
  1. Log in to the API Portal as an API Portal administrator.
  2. On the navigation bar, select the 
    Services
     icon and select 
    Proxies
    .
  3. On the 
    API Proxy
     page, select 
    Add Proxy 
    to add new API proxy, enter a different name, and select 
    Create
  4. Copy the enrollment URL. 
  5. Connect to the API Gateway with the Policy Manager.
  6. In the 
    Policy Manager
    , select 
    Tasks
     on the top menu bar. 
  7. On the menu, select 
    Extensions and Add-Ons, Enroll with Portal
  8. Paste the enrollment URL in the 
    Enroll with SaaS Portal
     window. 
  9. On the 
    API Proxy
     page, delete the old API proxy which is enrolled with the same API gateway.
Update Portal Integration
 
To enroll Portal or to update the enrollment bundle:
 
  1. In the Gateway Policy Manager, log in as admin. 
  2. After you are logged in, select 
    Tasks
     on the top menu bar.
  3. On the menu, select 
    Extensions and Add-Ons
    .
  4. Select 
    Enroll with Portal
     or 
    Update Portal Integration
    .