1. Using Integrations in Oracle Integration 3
  2. Design and Monitor Integrations in Projects
  3. Manage a Project
  4. Deploy Integration Endpoints to Oracle Cloud Infrastructure API Gateway

Deploy Integration Endpoints to Oracle Cloud Infrastructure API Gateway

You can deploy individual integration endpoints as routes to Oracle Cloud Infrastructure API Gateway. An Oracle Cloud Infrastructure API Gateway instance supports a maximum of 20 deployments. Each deployment can contain up to 50 routes (each routing to individual endpoints). This provides you with a capacity of 1000 integration endpoints to which to deploy.

See Overview of API Gateway.

Note:

To perform tasks in the Oracle Cloud Infrastructure Console, you must have the ServiceAdministrator role.

Restrictions

  • Deployment to Oracle Cloud Infrastructure API Gateway only works in identity domain-enabled environments.
  • Only integrations in a project can be deployed to Oracle Cloud Infrastructure API Gateway. The integration must be publicly available. That is, the Available to other projects check box must be selected for this integration.
  • The integration must be activated.
  • You can only deploy a REST Adapter trigger-based integration.
  • REST Adapter trigger connections that expose multiple entry points to a single integration are not supported. See Receive Requests for Multiple Resources in a Single REST Adapter Trigger with a Pick Action.

See API Limits.

Create a Dynamic Group and Policy to Grant Gateway Access

To deploy integration endpoints to Oracle Cloud Infrastructure API Gateway, you must satisfy the following prerequisites in the Oracle Cloud Infrastructure Console.
  • Create a dynamic group.
  • Create a policy to grant access to Oracle Cloud Infrastructure API Gateway.

You create the required dynamic group and assign a policy to that group to allow your Oracle Integration instance to access Oracle Cloud Infrastructure API Gateway. The policy defines the permissions for the dynamic group and determines which operations the dynamic group can perform in the Oracle Cloud Infrastructure API Gateway.

  1. Log in to the Oracle Cloud Infrastructure Console.
  2. Obtain the client ID of the OAuth application for the Oracle Integration instance.
  3. In the upper right corner, select Profile, then click the identity domain.
  4. In the left navigation pane, click Oracle Cloud Services.

    The Oracle Cloud Services page for your domain appears.

  5. In the Name column, click your service instance.
  6. Scroll down to the General Information section and copy the client ID value to use to create your dynamic group.
  7. Scroll to the breadcrumbs at the top and click Default domain.


    The Identity > Domains > Default domain > Oracle Cloud Services breadcrumbs are shown.

  8. In the left navigation pane, click Dynamic groups.
  9. Click Create Dynamic Group.
  10. Enter the following details:
    1. In the Name and Description fields, enter values. These fields are required.
    2. In the Matching Rules section, enter the required rule. The resource ID you specify must match the client ID of the OAuth application of your Oracle Integration instance. Ensure that you enclose the value in single quotes. For example:
      resource.id = 'client_ID'


      The Matching rules section shows a value of resource.id = 'FA2E'

  11. Scroll to the breadcrumbs at the top and click Identity.


    The Identity > Domains > Default domain breadcrumbs are shown.

  12. In the left navigation pane, click Policies.
  13. Click Create Policy.
  14. Select the compartment in which to create the policy.
  15. Enter the following details:
    1. In the Name and Description fields, enter values. These fields are required.
    2. In the Policy Builder section, build the required policy for the dynamic group. For example:
      allow dynamic-group dynamic_group to manage api-gateway-family in compartment compartment_name
      Where:
      • dynamic_group: Is the dynamic group name you created.
      • compartment_name: Is the compartment in which your Oracle Integration instance is located.

      This enables the Oracle Integration instance associated with the dynamic group to call Oracle Cloud Infrastructure API Gateway in this particular compartment.

Create a Virtual Cloud Network and an Internet Gateway

You must create a virtual cloud network and internet gateway before you can create an Oracle Cloud Infrastructure API Gateway.

  1. In the navigation menu, go to Networking.
  2. Click Virtual cloud networks.
  3. Click Create VCN.
  4. Enter the following information, then click Create VCN.
    Element Description
    Name Enter a virtual cloud network name.
    Compartment Displays the compartment you previously selected.
    IPv4 CIDR Blocks Assign up to five IPv4 CIDR blocks to a VCN. At least one is required. See VCN and Subnet Management.
    Use DNS hostnames in this VCN If you plan to use VCN DNS or a third-party DNS, this is required for instance hostname assignment. This selection cannot be changed after the VCN is created. See DNS in Your Virtual Cloud Network
    DNS Label This value is generated from the virtual cloud network name if not specified.
    DNS Domain Name This value is generated from the virtual cloud network name if not specified.

    The details page for the virtual cloud network is displayed.

  5. Click Create Subnet.
  6. Enter the following information, then click Create Subnet.
    Element Description
    Name Enter a subnet name.
    Compartment Displays the compartment you previously selected.
    Subnet Type Select a subnet type:
    • Regional (Recommended)
    • Availability Domain-specific
    IPv4 CIDR Block Enter the IPv4 CIDR block.
    Route Table Compartment Select the route table compartment.
    Subnet Access Select an access type:
    • Public Access
    • Private Access
    Use DNS hostnames in this VCN If you plan to use VCN DNS or a third-party DNS, this is required for instance hostname assignment. This selection cannot be changed after the VCN is created.
    DNS Label This value is generated from the virtual cloud network name if not specified.
    DNS Domain Name This value is generated from the virtual cloud network name if not specified.
    Dhcp Options Compartment Select the default DHCP options.
    Select Security List Compartment Select the security list.
    Resource Logging Select to enable resource logging.
  7. Under Resources, select Internet Gateways.
  8. Click Create Internet Gateway.
  9. Enter the following information, then click Create Internet Gateway.
    Element Description
    Name Enter an internet gateway name.
    Compartment Displays the compartment you previously selected.
  10. Under Resources, select Security Lists.
  11. In the Name column, click the default security list.
  12. Click Add Ingress Rules.
    1. Specify the source CIDR value.
    2. Leave the Source Port Range field blank.
    3. Enter 443 in the Destination Port Range field.
    4. Click Add Ingress Rules.
  13. Return to the details page for the virtual cloud network you created.
  14. In the Resources section, click Route Tables.
  15. In the Name column of the Route Tables section, click the default route rule.
  16. Click Add Route Rules.
  17. Enter the following information, then click Add Route Rules.
    Element Description
    Target Type Select Internet Gateway.
    Destination CIDR Block Enter the destination CIDR block.
    Target Internet Gateway Select the API gateway.
    Description Enter an optional description.
  18. In the Resources section, click Network Security Groups.
  19. Click Network Security Group.
    1. Enter a name.
    2. Leave the compartment as is.
  20. Click Next.
    1. Select CIDR in the Source Type list.
    2. Select TCP in the IP Protocol list.
    3. Specify All in the Source Port Range field.
    4. Specify the value in the Source CIDR field.
    5. Specify 443 in the Destination Port Range field.
    6. Click Create.
  21. In the breadcrumbs at the top of the page, click the link for the virtual cloud network that you created.
  22. In the Resources section, click Security Lists.

    If egress rules do not exist, you must define them.

  23. In the Resources section, click Egress Rules.

Create an Oracle Cloud Infrastructure API Gateway and Deployment in Oracle Cloud Infrastructure Console

You must create an Oracle Cloud Infrastructure API Gateway. Each gateway instance supports a maximum of 20 deployments. Each deployment can handle up to 50 routes. This means that one gateway instance can protect up to 1000 APIs. You can select an existing deployment, enabling a new route to be created in that deployment. You can also create a new deployment.

  1. In the navigation menu, go to Developer Services.
  2. Under API Management, select Gateways.
  3. Select the compartment to use for deployment.
  4. Click Create Gateway.
  5. Enter the following information, then click Create Gateway.
    Element Description
    Name Enter a gateway name.
    Type Select Public.
    Compartment Displays the compartment you previously selected.
    Network Select the following networking details:
    • Virtual cloud network: Select a virtual cloud network.
    • Subnet: Select a VCN with at least one regional subnet added.

    See Networking Overview.

    Enable network security groups Select the check box, then select a compartment with at least one network security group.
    Certificate Select an SSL/TLS certificate that has been added to Oracle Cloud for use with a custom DNS configuration or use the default certificate provided by the gateway. See Setting Up Custom Domains and TLS Certificates.

    The new gateway is displayed in the Name column on the Gateways page.


    The Gateways page shows a table with columns with Name, State, Type, Created, and Updated. On the left are links for Gateways, APIs, Certificates, Usage plans, and Subscriptions.

  6. Click the gateway name.
  7. Under Resources, click Deployments.
  8. Click Create deployment.


    The Gateway page shows tabs for Edit, Move resource, Add tags, and Delete. Below are tabs for Gateway information and Tags. Below are fields with values for OCID, Compartment, Type, Subnet, Hostname, IP address, Created, and Updated. Below is the Deployments section. A Create deployment button is displayed. Below this is a table with columns for Name, Path prefix, State, Endpoint, and Deployed.

    The Create deployment wizard is displayed.

    You can create deployments based on categories appropriate to your business environment. For example, you may want to create separate deployments for applications, functional areas within an application, client requirements (for example, all APIs for a client-facing portal), and so on. You then deploy the integration endpoints to the appropriate deployment category.

  9. Enter the following information, then click Next.
    Element Description
    Name Enter a deployment name. For this example, Netsuite is entered.
    Path prefix Enter a prefix. For this example, /netsuite is entered.
    Compartment Displays the compartment you previously selected.
    API request policies Select API request policies as required for your environment:
    • Mutual-TLS: Select to enable mTLS.
    • CORS: Configure CORS access.
    • Rate limiting: Configure rate limiting.
    • Usage plans: Configure usage plans.
    API logging policies Select a logging level.

    See Adding Logging to API Deployments.

    Tags (under Show advanced options) Add tags to organize your resources.
  10. Select an Authentication method, and specify additional details, then click Next
    • No Authentication: Any client that has network access to the gateway can make requests to all routes in this deployment.
    • Single Authentication: Configure integration with a single identity provider. You can optionally limit access for all routes to authenticated clients only.

      If you select this option, authentication, validation, and other security fields are displayed for configuration.

    • Multi-Authentication: Configure integration with one or more identity providers. You can optionally limit access for all routes to authenticated clients only.

      If you select this option, additional authentication fields are displayed for configuration.

    Route 1 is displayed.

    Individual integration endpoints are deployed as routes to an Oracle Cloud Infrastructure API Gateway deployment.

  11. Enter the following information, then click Next.
    Element Description
    Path Enter a path (for example, /order).
    Methods Select one or more methods based upon your requirements (for example, GET, POST, PUT, or others).
    Add a single backend This option enables all requests for this route to be sent to the same backend. Select a backend type. Each selection causes additional fields to be displayed for you to configure.
    • HTTP
    • Oracle functions
    • Stock response
    • Logout
    Add multiple backends Route to different backends based on criteria at runtime.

    To configure your route to support multiple backends, first define the request context element to use as the selector. The gateway uses the selector at runtime to choose the backend based on a matching rule defined for the backend.

    Selector: Select the request context table. Some selections cause additional fields to be displayed for you to configure.
    • Auth
    • Headers
    • Host
    • Path
    • Query parameters
    • Subdomain
    • Usage plan ocid

    Backends: Add one or more backends for your route. Each backend needs a matching expression that the gateway uses to match based on the request context in the selector at runtime.

    Specifies the type of the backend service Expand and specify polices as required for your environment.
    • Show route request policies
    • Show route response policies
    • Show response caching policies
    • Show route logging policies
  12. Review your selections on the Deployment page, then click Create.

    Route 1 is configured.

    Note that HTTP is selected and the URL field shows the REST Adapter-trigger based integration to later publish from your project in Oracle Integration.


    The Basic information, Authentication, Routes, and Review links are shown on the left. On the right is the Route 1 page. Below are fields for Path and Methods. Below are buttons for Edit added single backend and Edit added multiple backends. Below is a list for Backend Type. Below are fields for URL, Connection establishment timeout in seconds, Request transmit timeout in seconds, and Reading response in seconds. Below is a Disable SSL verification check box.

  13. Create additional routes, as needed.

    For this example, a second route is created with a second REST Adapter-trigger based integration to later publish from your project in Oracle Integration.


    The Route 2 page is shown. Below are fields for Path and Methods. Below are buttons for Edit added single backend and Edit added multiple backends. Below is a list for Backend Type. Below are fields for URL, Connection establishment timeout in seconds, Request transmit timeout in seconds, and Reading response in seconds. Below is a Disable SSL verification check box.

  14. Follow Step 8 through Step 12 to create any additional deployments and routes. For this example, a second deployment (Oracle Rest Say Hello World) is created that includes a single route:


    The Route 1 page is shown. Below are fields for Path and Methods. Below are buttons for Edit added single backend and Edit added multiple backends. Below is a list for Backend Type. Below are fields for URL, Connection establishment timeout in seconds, Request transmit timeout in seconds, and Reading response in seconds. Below is a Disable SSL verification check box.

    When complete, the two deployments are listed on the details page for the gateway.


    The Gateway page shows tabs for Edit, Move resource, Add tags, and Delete. Below are tabs for Gateway information and Tags. Below are fields with values for OCID, Compartment, Type, Subnet, Hostname, IP address, Created, and Updated. Below is the Deployments section. A Create deployment button is displayed. Below this is a table with columns for Name, Path prefix, State, Endpoint, and Deployed.

You are now ready to deploy individual integration endpoints as routes to Oracle Cloud Infrastructure API Gateway.

Deploy an Integration to API Gateway

After completing all prerequisites and gateway and deployment configuration tasks, you can deploy individual integration endpoints as routes from a project to Oracle Cloud Infrastructure API Gateway.

  1. In the navigation pane, click Projects.
  2. Click the project name or click Edit icon.
  3. In the Integrations section, find the already-activated integration to publish. Only active REST Adapter, triggered-based integrations can be deployed.
  4. Click Actions Actions icon, and select Publish to API Gateway.

    The Publish to API gateway panel opens.

  5. Enter the following information:
    Element Description
    REST endpoint Displays the endpoint of the integration. This endpoint cannot be deselected.
    Search or select compartment Select the compartment created in the Oracle Cloud Infrastructure Console that includes Oracle Cloud Infrastructure API Gateway.
    Search or select API gateway Select the Oracle Cloud Infrastructure API Gateway instance created in that compartment.
    Select or create API gateway deployment Select a deployment inside the gateway instance. You can also create a gateway from this field.

    For this example, the test-oic-apigw gateway and NetSuite deployment created in Create an Oracle Cloud Infrastructure API Gateway and Deployment in Oracle Cloud Infrastructure Console are selected.


    The Publish to API gateway page is shown. Fields are shown for Status, Path prefix, Endpoint URL, View deployment in OCI console, Compartment, API gateway, and Deployment gateway.

  6. Click Publish.

    The deployment is visible in Oracle Cloud Infrastructure API Gateway. Use the Observe tab in the project to check if the API calls are being reached when invoked by the Oracle Cloud Infrastructure API Gateway deployment URL.

  7. If you want to unpublish your API gateway deployment, click Undo publish.