3.4 Creating and Publishing a WebSocket API

Secure API Manager allows you to create WebSocket APIs. WebSocket is a protocol similar to HTTP that is part of the HTML 5 specification. The WebSocket protocol enables real-time interaction between a web client (such as a browser) and a web server with low overheads. For more information, see Required Knowledge.

A WebSocket API allows a developer to expose WebSocket services as an API while providing OAuth security, throttling, analytics, and so forth through Secure API Manager.

Secure API Manager uses the Access Manager Gateway to deploy WebSocket APIs.

To configure WebSocket reverse proxy in Access Manager:

  1. On the dashboard, click the Access Gateways icon.

  2. Next to the gateway cluster, click Edit.

  3. Click Reverse Proxy / Authentication.

  4. For Identity Server Cluster, select your identity provider cluster.

  5. Under Proxy Settings, ensure that Enable Via Header is selected.

  6. In the Reverse Proxy List section, click New.

  7. Provide a name for the reverse proxy, then click OK.

  8. In the Proxy Service List, click New.

  9. Provide a name for the proxy service.

  10. For the Published DNS Name, enter the gateway DNS name.

  11. For the Web Server IP Address, enter the IP address of the Secure API Manager gateway or L4 switch.

  12. For the Host Header, select Forward Received Host Name.

  13. Click OK.

  14. Select Enable SSL between Browser and Access Gateway.

  15. Ensure that Enable SSL with Embedded Service Provider and Redirect Requests from Non-Secure Port to Secure Port are selected.

  16. Click Auto-generate Key, then click OK. Click OK again.

  17. For Non-Secure Port, enter the appropriate port (80).

  18. For Secure Port, enter the appropriate port (443).

  19. Under the Web Server Addresses column in the Proxy Service List, click the IP address.

  20. Ensure that Enable Session Stickiness is selected and Connect Using SSL is deselected.

  21. For Connect Port:

    • Select 9100 if you are using combined admins and gateways

    • Select 9102 if you using separate admins and gateways

  22. On the Protected Resources tab, click New.

  23. Provide a name for the protected resource, then click OK.

  24. (Optional) Provide a description for the protected resource.

  25. For Authentication Procedure, select OAuth Token.

  26. In the URL Path List section, click New.

  27. For URL Path, enter /wss*, then click OK.

  28. Deselect the /wss path and select the /* path, then click Delete. Click OK.

  29. Click OK four times until you are on the Access Gateway Servers page.

  30. Click Security > Trusted Roots.

  31. Click Auto-Import From Server.

  32. For Server IP/DNS, provide the IP or DNS for the Secure API Manager gateway (L4 switch or each Secure API Manager gateway).

  33. For Server Port, enter 9443.

  34. Provide a name for the certificate and click OK.

  35. Click OK. With the new trusted root selected, click Add Trusted Roots to Trust Stores.

  36. Click the pencil next to Trust store(s).

  37. Select all(?) the trust stores and click OK, then click OK again.

  38. Click OK to add the trusted roots to the trust stores.

  39. Click Close.

  40. Update the Identity Servers and Access Gateways.

You can test and ensure that the WebSocket API works by accessing the new WebSocket API in Store. For more information, see Invoking and Testing the WebSocket APIs. If you have documentation to add to the API, proceed to Section 6.0, Managing Documentation for the APIs.