Configuring a Gateway Integration Endpoint - REST

Once a gateway integration endpoint has been created and the external system (Amazon S3 Blob Storage, Microsoft Azure Blob Storage, or REST) has been selected, the configuration settings allow you to identify the server housing the required data.

To use mTLS with this type of endpoint, refer to the Mutual Transport Layer Security topic here.

The following steps are for REST configuration.

  1. On the Gateway Integration Endpoint Configuration dialog, use the following parameters to specify which external system the gateway integration endpoint will access.

    • Server URL - The URL of the server to be accessed. The available URLs are system dependent and must be configured in the sharedconfig.properties file using the RESTGateway.ServerURL property. If necessary, use a comma to separate multiple URLs. The following is an example of a complete property entry for two systems named 'qa' and 'stage,' as well as their URLs 'http://step-qa' and 'http://step-stage':

        RESTGateway.ServerURL=qa=http://step-qa,stage=http://step-stage
    • Default content type - Data format or content type to be used for the endpoint. Type your own or select from the dropdown list of the most commonly used options.

    • SSL trust store location - The trust store holds certificates that verify that the system can be trusted. To display a trust store in the dropdown, either update the legacy 'RESTGateway.SSLTrustStoreLocation' property in the sharedconfig.properties file or to configure a trust store to work globally, use the 'SSL.Default.Truststore.Location property, as defined in the Mutual Transport Layer Security topic here.

      Note: The 'RESTGateway.SSLTrustStoreLocation' property does not work in conjunction with an outbound mTLS certificate configured in the SSL.Default.Keystore.Location the SSL.<Alias>.Keystore.Location properties. If you need a trust store in conjunction with mTLS, it must be configured using the SSL.Default.Truststore.Location property.

      If no trust store locations are selected, the gateway connection is not configured to use SSL encryption and the connection will be established using a certificate signed by a recognized CA such as Verisign or Thawte.

    • Proxy Configuration - Select from this dropdown if the gateway connection must first pass through a proxy server with its own login requirement. The configurations that appear in this dropdown are populated from properties added into the sharedconfig.properties file using the dynamic property 'RESTGateway.ProxyConfiguration.' Refer to the Proxy Configuration Setup section below for details.

    • Statistic groups - Optional. Regular expression can be used to group executed REST methods on the endpoint's Statistics tab. The regular expression must match the entire URL, for example, .*/products/.*. Use the regular expression syntax available in Java in java.util.regex.Pattern class. For more information, refer to the Gateway Integration Endpoint Statistics section (here) or the Regular Expression topic in the Resource Materials online help (here).

  2. Click Save to complete the configuration.

  3. Create a business action to access the gateway endpoint. For details, refer to Gateway Integration Endpoint Bind in the Resource Materials online help here.

Authentication

The gateway integration endpoint REST plugin supports both basic authentication and token-based authentication.

Basic Authentication

With preemptive authentication enabled, the basic authentication value for the Authorization header will be sent with the first request to the external service instead of only sending the value after having received a basic authentication challenge from the service.

Token-Based Authentication

With the token-based authentication option, the responsibility for producing any required request headers is delegated to a business function. The business function must be configured to not expect any input and must produce a Map<String, String>, each map entry being a header to be sent with the request to the service.

The screenshot below shows the editor for a compatible business function that retrieves a token using the OAuth 2.0 client credentials flow and passes back to the gateway integration endpoint REST plugin as a value for the Authorization header.

The JavaScript shown above can be copied below:

Copy
var map = new java.util.HashMap();
map.put("grant_type", "client_credentials");
map.put("client_id", "m2m");
map.put("client_secret", clientSecret);

var request = giep.post().urlEncodedBody(map);
var response;

try {
    response = request.invoke();
} catch (e) {
    if (e.javaException instanceof com.stibo.gateway.rest.RESTGatewayException) {
        throw "Error getting token: " + e.javaException.getMessage();
    } else {
        throw (e);
    }
}
var obj = JSON.parse(response + "");
var authHeaderValue = "Bearer " + obj.access_token;

var resultMap = new java.util.HashMap();
resultMap.put("Authorization", authHeaderValue);

return resultMap;

The parameter for selecting the business function is the 'Auth Header Value Function.' The REST plugin will automatically call the business function when a new token is required.

Code for obtaining an MLAC token is as follows; for more information, refer to the Machine Learning-Based Auto Classification Integration section here:

Copy
   function getToken() {
var body = {};
body.username = "user";
body.password = secret;
var bodyString = JSON.stringify(body);

var tokenRequest = gateway.post().pathElements("mlac","v1","token").acceptContentType("text/plain").body(bodyString);

var tokenResponse;
try {
tokenResponse = tokenRequest.invoke();
} catch(e) {
if (e.javaException instanceof com.stibo.gateway.rest.RESTGatewayException) {
throw "Error getting token: " + e.javaException.getMessage();
} else {
throw(e);
}
}
return tokenResponse;
}

var token = getToken();




var resultMap = new java.util.HashMap();
resultMap.put("Authorization",token );

return resultMap; 

Note: It is strongly discouraged to configure both basic authentication and token-based authentication, and this configuration is not supported.

Proxy Configuration Setup

The following are two examples of how the dynamic RESTGateway.ProxyConfiguration property can be configured:

RESTGateway.ProxyConfiguration.1=ProxyConfig1,10.64.8.253,808,username,password
RESTGateway.ProxyConfiguration.2=ProxyConfig2,10.64.9.253,64,user10,password1

To break the first of these two properties into its component parts (each element separated by commas), refer to the screenshot and the numbered list below:

  1. Required text to enable the REST Gateway Proxy configuration property

  2. The name of the configuration. This is what will appear in the dropdown as a selectable option, like so:

  3. The IP of the proxy server being accessed

  4. The port of the proxy server being accessed

  5. The username for the proxy server being accessed (optional)

  6. The password for the proxy server being accessed (optional)