Create a Database for your Authentication Tokens

If you plan to configure CA Live API Creator to run as a cluster and you have specified an authentication provider that uses the Default Auth Provider authentication method (for example, the built-in authentication authentication provider) or a custom JavaScript Auth Provider that uses the JavaScript Auth Provider authentication method as the authentication provider for your API, create a database for your authentication tokens.
CA Live API Creator stores the authentication tokens that it generates for API users in this database. In cluster configurations, CA Live API Creator authenticates API users across the nodes in the cluster by sharing the authentication tokens that it stores in this database. With a database for persisting your authentication tokens, you can start and restart API Server without requiring authentication. API Server accepts requests that pass in valid and unexpired authentication tokens. In addition, within this database, CA Live API Creator creates an audit of the authentication token-creation process and persists the information about the authentication token.
By default, CA Live API Creator generates authentication tokens, stores them in the in-memory Derby database, and synchronizes them to your admin repository in the following cases:
  • You have configured CA Live API Creator to run as a single node.
  • You are running in a local development environment.
  • You have specified an authentication provider that uses the Default Auth Provider authentication method (for example, the built-in authentication authentication provider) or a custom JavaScript authentication provider that uses the JavaScript Auth Provider authentication method as the authentication provider for your API.
You can optionally have CA Live API Creator store the authentication tokens that it generates for API users in a database instead by creating one.
Creating a database for your authentication tokens is not required in the following cases where an API user does not authenticate using the @authentication system REST endpoint:
  • You are publishing APIs that you are exposing and securely managing using CA API Gateway.
  • You have specified an authentication provider that uses the HTTP Auth Provider authentication method as the authentication provider for your API.
  • Your API uses only the authentication tokens that you define in your API.
  • You have enabled your API for only basic authentication.
As your API development evolves, your business requirements can invalidate the need for predefined authentication tokens in your API. When API Server restarts with the revised API definition, CA Live API Creator does not purge these authentication tokens (which become invalid) from your authentication token database. Connect to this database and remove the authentication tokens using a SQL client tool.
Use the following process to create the database for CA Live API Creator to store the authentication tokens that it generates for API users:
Create a Database for your Authentication Tokens
Create a database to store your authentication tokens and name the database lacapikeys.
Create a Table in the Database
Create a table in this database to store the authentication tokens. Use the SQL script that is specific to your database type:
  • SQL script for MySQL
  • SQL script for Microsoft SQL Server
  • SQL script for Oracle
  • SQL script for PostgreSQL
Create a JNDI Data Source in your Java Container
In the Java container, create a Java Naming and Directory Interface (JNDI) data source that points to the database for your authentication tokens, based on your Java container type. For an example of how to create a JNDI data source for CA Live API Creator running on Apache Tomcat, see Configure Database Connections Using JNDI.
Connect your API to the Database
Prerequisite: You have created an empty API.
Follow these steps:
  1. In API Creator, within your empty API, connect to the database by completing one of the following:
    • (Recommended) Create a data source through a Java container's JNDI definition. On the Create data source window, enter ApiKey as the Name, enter apikey as the Prefix, and then click Add.
    • Create a JDBC data source.
      If you create the JDBC data source in a different environment, remove the schemaCacheCompressed attribute and value from the ApiKey.json file that is created.
    For more information about how to add a connection to a JNDI named data source or a JDBC data source, see Database Connectivity.
    Your API is connected to the database. The definition of the data source for the authentication token database (the ApiKey.json file) is created in the apis/<apiurl>/data_sources directory.
  2. Test the data source connection by clicking Test Connection.
    API Creator verifies the connection to the database.
Your API is connected to the database.
Configure to Use the Database
Configure CA Live API Creator to use the database.
Follow these steps:
  1. From Terminal or a command prompt, change directories to the location of your admin repository by issuing the following command:
    cd <the directory location of your admin repository>
  2. (Optional) Create a backup of the system/data_sources/ApiKey.json file in a directory that is located outside of the admin repository.
  3. Stop API Server.
  4. Copy the ApiKey.json file that is located in the apis/<apiurl>/data_sources directory to the system/data_sources directory.
  5. Start API Server by issuing the following command:
    (Windows)
    start.bat
    (Unix/Mac)
    sh Start.sh
You have configured CA Live API Creator to use the database for the authentication tokens.
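As an added example that is not part of the product documentation: a shell function for steps 2 and 4 above that refuses a backup directory inside the admin repository, verifies the copy, and flags a leftover schemaCacheCompressed attribute. The function name, its arguments and the backup file name are assumptions; run it between stopping and starting API Server.

```shell
#!/bin/sh
# Added example, not vendor code. Covers steps 2 and 4 of the procedure;
# run it after stopping API Server (step 3) and before starting it (step 5).
# install_apikey, its arguments and the backup file name are hypothetical.

# install_apikey <admin-repo-dir> <apiurl> <existing-backup-dir>
install_apikey() {
    repo=$(cd "$1" 2>/dev/null && pwd -P) ||
        { echo "no such admin repository: $1" >&2; return 2; }
    src="$repo/apis/$2/data_sources/ApiKey.json"
    dst_dir="$repo/system/data_sources"
    dst="$dst_dir/ApiKey.json"

    [ -f "$src" ] || { echo "missing $src" >&2; return 3; }
    [ -d "$dst_dir" ] || { echo "missing $dst_dir" >&2; return 3; }

    # Step 2: the backup has to live outside the admin repository.
    backup=$(cd "$3" 2>/dev/null && pwd -P) ||
        { echo "no such backup directory: $3" >&2; return 4; }
    case "$backup/" in
        "$repo"/*)
            echo "backup directory is inside the admin repository" >&2
            return 4 ;;
    esac
    if [ -f "$dst" ]; then
        cp -p "$dst" "$backup/ApiKey.json.$(date +%Y%m%d%H%M%S).bak" || return 5
    fi

    # Step 4: copy the API's data source definition, then verify the copy.
    { cp "$src" "$dst" && cmp -s "$src" "$dst"; } || return 6

    # The page says to remove schemaCacheCompressed when the JDBC data source
    # was created in a different environment; flag it so it is not missed.
    if grep -q 'schemaCacheCompressed' "$dst"; then
        echo "note: $dst still contains schemaCacheCompressed" >&2
    fi
    return 0
}

# Stand-alone use: sh install_apikey.sh <admin-repo-dir> <apiurl> <backup-dir>
if [ "$#" -eq 3 ]; then
    install_apikey "$@"
fi
```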
Next Steps
Now that you have configured CA Live API Creator to use the database for the authentication tokens, you can configure CA Live API Creator to run as a cluster. For more information, see Configure to Run as a Cluster.