Create a Database for your Authentication Tokens

If you plan to configure
CA Live API Creator
to run as a cluster and you have specified an authentication provider that uses the Default Auth Provider authentication method (for example, the built-in authentication authentication provider) or a custom JavaScript authentication provider that uses the JavaScript Auth Provider authentication method as the authentication provider for your API, create a database for your authentication tokens.
lac51
If you plan to configure
CA Live API Creator
to run as a cluster and you have specified an authentication provider that uses the
Default Auth Provider
authentication method (for example, the
built-in authentication
authentication provider) or a custom JavaScript authentication provider that uses the
JavaScript Auth Provider
authentication method as the authentication provider for your API, create a database for your authentication tokens.
CA Live API Creator
stores the authentication tokens that it generates for API users in this database. In cluster configurations,
CA Live API Creator
authenticates API users across the nodes in the cluster by sharing the authentication tokens that it stores in this database. With a database for persisting your authentication tokens, you can start and restart API Server without requiring authentication. API Server accepts requests that pass in valid and unexpired authentication tokens. In addition, within this database,
CA Live API Creator
creates an audit of the authentication token-creation process and persists the information about the authentication token.
By default,
CA Live API Creator
generates authentication tokens, stores them in the in-memory Derby database, and synchronizes them to your admin repository in the following cases:
  • You have configured
    CA Live API Creator
    to run as a single node.
  • You are running in a local development environment.
  • You have specified an authentication provider that uses the
    Default Auth Provider
    authentication method (for example, the
    built-in authentication
    authentication provider) or a custom JavaScript authentication provider that uses the
    JavaScript Auth Provider
    authentication method as the authentication provider for your API.
You can optionally have
CA Live API Creator
store the authentication tokens that it generates for API users in a database instead by creating one.
Creating a database for your authentication tokens is
not required
in the following cases where an API user does not authenticate using the
@authentication
system REST endpoint:
  • You are publishing APIs that you are exposing and securely managing using CA API Gateway.
  • You have specified an authentication provider that uses the
    HTTP Auth Provider
    authentication method as the authentication provider for your API.
  • Your API uses only the authentication tokens that you define in your API.
  • You have enabled your API for only basic authentication.
As your API development evolves, your business requirements can invalidate the need for predefined authentication tokens in your API. When API Server restarts with the revised API definition,
CA Live API Creator
does not purge these authentication tokens (which become invalid) from your authentication token database. Connect to this database and remove the authentication tokens using a SQL client tool.
Use the following process to create the database for
CA Live API Creator
to store the authentication tokens that it generates for API users:
Create a Database for your Authentication Tokens
Create a database to store your authentication tokens and name the database
lacapikeys
.
Create a Table in the Database
Create a table in this database to store the authentication tokens. Use the SQL script that is specific to your database type:
SQL script for MySQL
SQL script for Microsoft SQL Server
SQL script for Oracle
SQL script for PostgreSQL
Create a JNDI Data Source in your Java Container
In the Java container, create a Java Naming and Directory Interface (JNDI) data source that points to the database for your authentication tokens, based on your Java container type.For an example of how to create a JNDI data source for
CA Live API Creator
running on Apache Tomcat, see Configure Database Connections Using JNDI.
Connect your API to the Database
Prerequisite:
You have created an empty API.
Follow these steps:
  1. In API Creator, within your empty API, connect to the database by completing
    one
    of the following:
    • (Recommended) Create a data source through a Java container's JNDI definition. On the Create data source window, enter
      ApiKey
      as the
      Name
      , enter
      apikey
      as the
      Prefix
      , and then click
      Add
      .
    • Create a JDBC data source.
      If you create the JDBC data source in a different environment, remove the
      schemaCacheCompressed
      attribute and value from the
      ApiKey.json
      file that is created.
      If your database is MySQL, add the
      sessionVariables
      attribute to the JDBC URL. For example:
      jdbc:mysql://dbserver.acme.com:3306/AuthTokensDB?sessionVariables=sql_mode%3DANSI_QUOTES
    For more information about how to add a connection to a JNDI named data source or a JDBC data source, see Database Connectivity.
    Your API is connected to the database. The definition of the data source for the authentication token database (the
    ApiKey.json
    file) is created in the
    apis/<apiurl>/data_sources
    directory.
  2. Test the data source connection by clicking
    Test Connection
    .
    API Creator verifies the connection to the database.
Your API is connected to the database.
Configure to Use the Database
Configure
CA Live API Creator
to use the database.
Follow these steps:
  1. From Terminal or a command prompt, change directories to the location of your admin repository by issuing the following command:
    cd <the directory location of your admin repository>
  2. (Optional) Create a backup of the
    system/data_sources/ApiKey.json
    file in a directory that is located outside of the admin repository.
  3. Stop API Server.
  4. Copy the
    ApiKey.json
    file that is located in the
    apis/<apiurl>/data_sources
    directory to the
    system/data_sources
    directory.
  5. Start API server by issuing the following command:
    (Windows)
    start.bat
    (Unix/Mac)
    sh Start.sh
You have configured
CA Live API Creator
to use the database for the authentication tokens.
Next Steps
Now that you have configured
CA Live API Creator
to use the database for the authentication tokens, you can configure
CA Live API Creator
to run as a cluster. For more information, see Configure to Run as a Cluster.