CA Layer7 API Gateway

Layer7 API gateway is an API management solution provided by CA Technologies. It is designed to offer a comprehensive set of features for managing, securing, and scaling APIs. The API gateway provides security, traffic management, policy enforcement, monitoring and analytics, and API lifecycle management. Traceable integrates with the Layer7 API gateway using request and response policies and a scheduler policy. The request and response policy captures the data flowing through the gateway and, with the help of the scheduler policy, sends the data to the Traceable Platform agent. 

The following diagram shows a high-level deployment and traffic flow.

Traceable provides a prepolicy to capture the request and a postpolicy to capture the response. You can attach the pre-policy to the start of the API policy or the global message received policy. The post-policy can be attached at the end of the API policy or to the global message completed policy. The scheduler policy runs in the background regularly and sends the pre and post-policy data to the Traceable Platform agent.

Before you begin

• The policy actions are carried out through the Layer7 API Gateway Policy Manager. Make sure that the Policy Manager is available.

• Make sure that Traceable Platform agent 1.39.0 or later is already installed. For more information on installation, see Platform agent.

• Make a note of the Traceable Platform agent IP address. This would be required during the configuration steps.

• Download the Traceable policies for Layer7 API Gateway from Traceable’s download site. Navigate to agent → ca-layer7 → latest.

Configure Traceable agent IP address

Update the Global cluster property ta_reporting_endpoint to https://<traceable_platform_agent_IP>:5443 for TLS and http://<traceable_platform_agent_IP>:5442 for non-TLS connection. Navigate to Tasks → Global Settings → Manage Cluster-Wide Properties. Click on Add to add ta_reporting_endpoint property. This is a mandatory property.

(Optional) Connect to Traceable Platform agent over TLS

Make sure that the Traceable Platform agent’s TLS is already set up. For more information, see Generate self-signed certificate. Complete the following steps:

1. Add the root_ca.crt certificate file or corresponding certificate file for the Traceable Platform agent. In the policy manager, navigate to Tasks → Certificates, Keys, and Secrets → Manage Certificates → Add.

   

(Optional) cluster-wide properties

Other optional cluster-wide properties that you can configure are listed below. Navigate to Tasks → Global Settings → Manage Cluster-Wide Properties. Click on Add to add these properties.

Configuration

Complete the following steps in Gateway Policy Manager:

1. Create a new policy. To create a new policy, right-click on the folder in which you wish to create the policy.

   

2. Create the policy of type Include Policy Fragment. You can name this policy as traceable-pre-policy.

   

3. Import TRAI_PrePolicy.xml in the policy that you created in step 2.

   

4. Save and activate the policy.

   

5. Create a new policy of type Include Policy Fragment. You can name this policy as traceable-post-policy. Follow the same steps in UI as mentioned in steps 1 and 2.

6. Import the TRAI_PostPolicy.xml by following the steps in UI as mentioned in step 3.

7. If you do not already have a global message-received policy, add a new one and select the Global policy fragment type and message-received tag.

   

8. In the global message-received policy, add an Include Policy Fragment policy at the top of the policy and select traceable-pre-policy. In the search bar, as shown in the screenshot below, search for Include Policy Fragment and click on it.

   

9. Drag and drop the policy from the search section to the policy section on the right. Select traceable-pre-policy, as shown in the screenshot below. Save and activate the policy.

   

10. If you do not already have a global message-completed policy, add a new one and select the Global policy fragment type and message-completed tag.

    

11. In the global message-completed policy, add an Include Policy Fragment policy at the top of the policy and select traceable-post-policy. In the search bar, as shown in step 8, search for Include Policy Fragment and click on it.

12. Drag and drop the policy from the search section to the policy section on the right. Select traceable-post-policy in a similar way as shown in step 9. Save and activate the policy.

13. Create a new policy of type Policy-Backed Service Operation Policy fragment and com.l7tech.objectmodel.polback.Backgroundtask tag.

    

14. Import TRAI_SchedulerTaskPolicy.xml in the policy that you created above. Save and activate the policy.

    

15. Add the scheduled task to run periodically. Navigate to Tasks → Global settings → Manage Scheduled Task. Click on Add to add a new scheduled task. Select the Scheduled policy that you created above and set the Execution Time as recurring that reoccurs every 1 second (recommended).

    

To verify a successful setup, send a few requests to your web API and see them in the Traceable Platform.