From this MuleSoft AWS api gateway blog, we will learn about AWS API Gateway and how we can integrate it with the MuleSoft Platform with the support of our AWS support services at Bobcares.

AWS API Gateway and MuleSoft Integration

An API gateway is an implementation tool having a connection between a client and backend services. It acts as a reverse proxy to accept all applications of API calls, validates, and aggregates which return the appropriate results.

API Gateway allows additional dedicated orchestration layers on top of backend APIs and services that separate orchestration from implementation concerns.

The Amazon API Gateway is a fully managed service, that makes it easier to create, publish, monitor, and secure APIs. It also handles all other tasks involved in accepting and processing thousands of concurrent API calls including traffic management, CORS support, authorization, access control, monitoring, and API version management.

Let’s check on how to create the API gateway in the AWS console and thereafter use it for implementing the Non-Functional Requirements for Mule APIs.

Procedure and WTs

• First, start by creating an account in AWS.

• For any operations to be performed and AWS integration we need to create a user under the IAM section of AWS. Next, click on the organization name on the top right of the console page.

• Click on my security credentials >> select users from the displayed page.

• Create a user under the user’s section with Administrator Access. You will get an option to download the IAM user access ID, and access key.

• In the AWS home screen, type AWS gateway and select it. The new page shown is our main page for the AWS gateway.

Create API

• Click on create API and you can see the options below on the next page.

• You will get different options like HTTP API, Websockets API, REST API, REST API for creating the new API gateway. All of them are classified as our choices and use casMuleSoft AWS api gateways. For this particular, we are going to deal with normal REST APIs.

• Select REST API >> click on Build. From the page displayed you will see different options like REST, web sockets, and whether to create a new API for the gateway or clone from an existing API. We have the option to import the Swagger/OAS specification.

• For our case, we will be going with REST API and importing from the open API option. Creating this API as a gateway for mule API. We have the option to import our RAML specification as a swagger code and to auto-generate the resources for the gateway.

• Go to the published API specification in exchange and download it as an OAS. You can see a .json file downloaded. Now select that file and open it as an OAS using an option in the gateway console.

• Once you open it you can see the swagger file.

• In the next option endpoint type. We will get three options: Regional, Edge optimized, and Private. Regional APIs are deployed in the current AWS region, the region we have set up during creating/setting up of the account.  The CloudFront network and Private APIs are deployed by the Edge-optimized APIs.

• After selecting all the other options mentioned above click on import.

Specify Resources

• Click on any of the methods that you want to start building. You will get options like HTTP, proxy, Lambda, AWS service, and VPC link. We will go with HTTP because we need to secure and manage our deployed APIs in Cloudhub. Thereby fulfilling the NFRs.

• Provide the deployed Cloudhub endpoint in the endpoint section and the method in the HTTP section. There is one more option “Content Handling” where the incoming data gateway can be converted to binary/text if required.

• Click on save.

• In the method request section, we can see all the headers and query parameters auto-populated as in our RAML specification.

• Go to the Integration Request stage and add the query param as in the initial stage to retrieve the value. This will make the request stage ready to receive the QP from the initial stage.

• The Integration response stage takes only 200 status code responses by default. Let’s make different status codes such as 500,400 etc.

• Further, in the Method Response section, add all the status codes provided in the integration response stage.

• Click on the test from the client section of the page to test the API gateway route and call. Look for a successful reply. Finally, we tested the API gateway locally but now let’s make it externally available by deploying it. Click on deploy under the actions and create a stage for deployment.

• Access the deployed URL using a client tool like postman, or ARC and observe the response.

Apply policies/NFRs

• We have now integrated the AWS API gateway with our mule API and even tested the same. Let’s now apply some policies/NFRs like rate limiting, IP whitelisting, etc for our APIs.

• We need to first create an API key in the gateway for applying any policies. Navigate to the API key section on the gateway page and create one. Select auto-generate as the option.

• Navigate to the created key and save it handy.

• We have to create a usage plan to make use of the created API key. Navigate to the usage plan section on the gateway page and configure the options as desired and click on next.

• Next, there will be a prompt to add an API stage for the usage plan. Choose the stage that was created.

• Go back to the API key section >> add the created usage plan under Add to usage plan section.

• Recheck all the necessary parameters like the API key, stage is configured properly.

• Go to the actions drop-down again and redeploy the API gateway.

• Copy the deployed gateway URL to a client tool like postman, ARC, or any other client. After the limit exhaustion, we get a message with status 429. By this, we have implemented a rate-limiting policy with the AWS gateway for our Mule API.

• Working on blacklisting/whitelisting policy. Go Resource Policy section on the gateway page and analyze the options. Select the IP range to the deny list and observe the auto-populated script. And under aws:SourceIp field type in all the IPs that you want to blacklist.

• Redeploy the gateway API and URL from the blacklisted IP.

• We have successfully implemented NFR for our mule API with AWS gateway.

How to check the logs of gateway API.

• From the top right of the AWS console navigate to security credentials.

• Select roles on the next page. Click on create role and select API gateway and then click on next: permission and we can see by default a policy named AmazonAPIGatewayPushToCloudWatchLogs is applied.

• Click on next: tags and skip the next step as it’s optional >> Click on next:review and give any name for the defining role >> click on create the role. Select and copy the created role ARN.

• Go back to the gateway page and at the bottom left of the page select settings. Now under Cloudwatch role ARN paste the copied ARN. Click on save.

• Go to Stages section on the AWS gateway page and enable the Cloudwatch logs. We can select the category of the logs to display like INFO or ERROR. Click on the “Save and redeploy the API” option.

• Search for Cloudwatch logs in the search section and select log groups. In the search sections search for API-Gateway-Execution-Logs and there we are with the API gateway logs.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, from the MuleSoft AWS api gateway article we have successfully integrated the AWS API Gateway with the Mule APIs. As well we implemented the NFRs. With AWS API Gateway and Mule we can do a lot more by clubbing it with other out-of-the-box features of AWS.