API Portal Architecture
API Portal externalizes configuration and dependencies to simplify upgrades and maintenance.
Layer7 API Developer Portal(
API Portal) is designed to externalize configuration and dependencies to simplify upgrades and maintenance. Customers can maintain API Portal in the same way as they maintain their other systems.
In this topic:
For more detailed information, see the section below.
API Portal Services
The API Portal solution includes the following Docker services:
Tenant Provisioner:Used to provision tenant entities and resources.
Ingress:The central location for the Portal API, Metrics API, and Authorization API. Access Ingress and its APIs from the tenant Gateway or programmatically from your client systems. It is also the entry point to metrics and messaging using MQTT/s.
Dispatcher:A public-facing service that proxies traffic to the API Portal web application. Port 80 is exposed but automatically redirects to https (443) traffic.
PSSG:PSSG, or Portal Gateway, is a PSSG component that provides services to enrol tenant gateways with API Portal, publishes and deploys APIs from API Portal to tenant Gateways, and manages mutual trust between tenant Gateways and API Portal.
Portal Data:Provides a business layer used to manage APIM entities that include but are not limited to APIs, Applications, API Plans, Account Plans, and Organizations.
Portal Enterprise: Provides legacy web front-end support and handles authorization requests for the
SMTP Email Server:A mail server is required for sending notification emails from the API Portal. A SMTP email server is provided with the installation. You can also configure and use your corporate email server. For more information about how to use an external mail server, see Configure and Use External Mail Server.
Authenticator:Authenticator performs native user authentication and allows integration with customer’s Identity Provider.
Message Broker:Component for messaging support and inter-component communication.
API Portal does not communicate directly to your tenant Gateways. For security, the communication is initiated from your tenant Gateway to the API Portal Depending on your use case and deployment model, you might need to allow traffic on your firewall between your tenant Gateway and API Portal. You must open an outbound connection to this port because traffic multiplexes into port 9443.
Internal Supporting Services
API Portal provides and installs the following internal services:
Analytics Engine:The Ingress Gateway authenticates and forwards the request containing analytics data to Ingestion Server, which then streams it to the Kafka topic. The Druid cluster ingests this data from the Kafka topic and stores in MinIO system. The Analytics Service exposes capabilities to query analytics data stored in Druid system for reporting and visualization.
External Supporting Services
You need the following items to support API Portal. They are located in their own environments outside the API Portal environment. Customers must provide these items.
Tenant Gateway:The tenant Gateway is a Layer7 API Gateway. It serves as an API proxy for the customer's backend APIs, services, and data. Customers also add policies to the tenant Gateway to provide authentication and other features to their APIs.
External Databases on MySQL Database:The external database server hosts multiple databases. The Docker containers need those databases for external configuration and persistent data. API Portal creates the following databases initially and dynamically updates them during upgrades:
- Database for the API Portal OAuth Toolkit. The value of <TENANT_ID> comes from the value given to the PORTAL_TENANT_ID variable in the portal.conf configuration file. If you set the host name to be<TENANT_ID>_otk_db:apim, then the name of this database isapim_otk_db. Portal supports multi-tenancy. See Portal Multi-Tenancy for more details.
- rbac:Database for storing definitions for API Portal roles.
- tenant_provisioning:Database for managing provisioning of tenant entities and resources.
- portal:Database for managing API Portal entities.
- integration_core:Tracks the integrations in API Portal, such as the Runscope integration.
- integration_runscope:Tracks the API monitoring tests that have been created.
External Email Server:API Portal provides a Postfix mail server and provides the option to use an external corporate mail server. For more information about how to use an external mail server, see Configure and Use External Mail Server.