How to create a REST policy in Forum Sentry

In this tutorial, you will learn how to create a REST policy in Forum Sentry. As an API gateway, Forum Sentry enables you to lockdown APIs that generate XML and JSON traffic in your network. Three simple steps are required for setting up a REST policy: i) Registering the RESTful service endpoint ii) Setting up a listener iii) Configuring a REST policy that ties the listener and the endpoint. Let’s go through these steps.

For the REST endpoint, we will use a publicly available weather service from Open Weather Map.  You can directly invoke the REST call that returns weather in London through the following call:

http://api.openweathermap.org/data/2.5/weather?q=London,UK&mode=xml

Notice that the query parameter, mode is set to xml.  This instructs the endpoint to return weather data in XML format.  You can change the mode to JSON or HTML.

Weather-Endpoint-Forum-Sentry-REST-Policy

Our first step is to register this endpoint with Forum Sentry.  Simply navigate the the GATEWAY –> Network Policies and create a new HTTP remote policy as shown above.  Note that the Remote Server points to the endpoint domain name only, without a trailing URL path or query parameters.

HTTP-Weather-Listener-Forum-Sentry-REST

Next, we setup an HTTPS listener policy as shown above.  We use the SSL Termination policy setup in the tutorial SSL Policies for Securing your APIs.  You may skip setting up SSL by selecting an HTTP policy instead of HTTPS.

Forum-Sentry-REST-Policy

Now that the endpoint and the listener are both configured in Forum Sentry, you can tie them into a REST policy by navigation to GATEWAY –> Content Policies –> REST Policies.  As shown above, the listener policy (Virtual URI=172.16.65.128:443) is mapped to the weather endpoint (Remote URI=api.openweathermap.org:80).

To get the weather for London directly from the endpoint, click on:

http://api.openweathermap.org/data/2.5/weather?q=London,UK&mode=xml

To get weather data through Forum Sentry, click on:

https://172.16.65.128/data/2.5/weather?q=London,UK&mode=xml

Your IP address will be different based on your listener policy, however, that should be the only artifact that you will have to change to proxy through Forum Sentry.

Navigate to DIAGNOSTICS –>  Logging –> Internal Logs to review the system logs and follow the REST API call through Forum Sentry.  Make sure that the systems logging level is set to debug under DIAGNOSTICS –> Logging –> Settings.

This tutorial can now serve as a foundation for adding identity and security policies similar to the tutorial for locking down SOAP-based services as shown in Using HTTP Basic Auth for API Identity Management.