Managing Multiple Environments (WSO2 API Gateway and Choreo Connect) with WSO2 API Manager Control Plane

WSO2 API Manager is used to build and manage APIs. It contains various number of features and one is managing multiple environments with control plane and the possibility to scale independently.

WSO2 API Manager supports two types of gateways. Choreo Connect (for decentralised microservice architecture) and the default API Gateway (for centralized architecture). You can find more detailed on the two flavours with this documentation

In this post, will guide you how we can deploy APIs in 2 different gateway environments using WSO2 API Manager. One environment would be an environment with the default API gateway and the other environment would be an environment with a single Choreo connect gateway.

Prerequisites

1. Download API Manager version 4.0.0 distribution from https://wso2.com/api-management/
2. Download the latest Choreo Connect distribution from https://wso2.com/choreo/choreo-connect/

Configure WSO2 API Manager with the Choreo Connect Environment

The following should be added to wso2am-4.x.x/repository/conf/deployment.toml and it will appear when deploying the APIs in the publisher portal.

Note1: I have done a port offset due to some port issue in my local machine so that default 9443 admin port is now exposed at 9444

Note2: Add apim in the /etc/hosts file to point to 127.0.0.1

The full deployment yaml can be found here.

Configure Choreo Connect to work with WSO2 API Manager

Following is a sample configuration for choreo connect when connecting to WSO2 API Manager as the control plane.

The following is the changes done in each section in the docker-compose.yaml

The zip will with already configured files can be found here.

Start the Servers

• Start API Manager with executing ./api-manager.sh from wso2am-4.x.x/bin
• Start Choreo Connect deployment by executing docker-compose up -d from choreo-connect-1.1.0/docker-compose/choreo-connect

Changing the JWKS endpoint URL so its accessible for the Choreo Connect to connect

Goto https://localhost:9444/admin and follow the screen captures

Click on “Key Managers” and select the “Resident Key Manager”

Give the hostname as per the “extra_hosts” in the docker-compose.yaml in the Choreo connect and “Update” the Key Manager settings.

Creating and Publishing and API in Choreo Connect Deployment

Goto https://localhost:9444/publisher and follow the screen captures to create and API and publish to the Micro Gateway environment.

Click on the create API on the top left corner

Select start from scratch

Enter the your API information on the form. Note that the endpoint should be reachable with the choreo connect (since its on docker)

On the opened page, click on “Resources” from the left panel and you will be getting dummy resources. You can delete all those and add your resource and click on the “+” icon and save and deploy

There will be a pop up and you have to select the environment as “MicroGatewayEnv”. As you could see there is a “Default” environment as well which is the default traditional gateway that gets deployed with the vanilla API Manager product.

click on “Lifecycle” from the left panel and click on “Publish” to pubish the API on the Developer Portal for the visibility of the application developers.

Subscribing and Invoking the API in the Choreo Connect Environment

Fist we need to create an application to generate keys and generate access tokens to invoke the APIs. As per the image below, click on “Applications” and then create a new application by cloicking on “Add New Application”

Provide the necessary details to create the application and click on “save”

Goto “OAuth2 Tokens” section in the created application.

And scroll down to generate the keys for the application. And click on “Generate Keys”

Afterwards, click on “gGenerate Access Token” and save the token.

On the left panel, click on “Subscriptions” and subscribe to the created API.

Click on “APIs” in the top left and click on your API.

Provide the saved access token and make sure the correct environment is selected. And then click on the swagger component as shown below.

Click on try out.

And provide the necessary payload information and click on “Execute”

Afterwards, you will be able to see the response and also you will get the cURL to invoke the API as well. In that, you could see its providing the URL for the Choreo connect deployment.

curl -X 'GET' \
  'https://localhost:9095/customerinfo/1.0.0/rest/customer/John' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer eyJ4NXQiOiJOMkpqTWpOaU0yRXhZalJrTnpaalptWTFZVEF4Tm1GbE5qZzRPV1UxWVdRMll6YzFObVk1TlEiLCJraWQiOiJNREpsTmpJeE4yRTFPR1psT0dWbU1HUXhPVEZsTXpCbU5tRmpaalEwWTJZd09HWTBOMkkwWXpFNFl6WmpOalJoWW1SbU1tUTBPRGRpTkRoak1HRXdNQV9SUzI1NiIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhZG1pbiIsImF1dCI6IkFQUExJQ0FUSU9OIiwiYXVkIjoiTzJzVzgxYnJ2RlZQRWpsYnplelJ1X3JxdFBVYSIsIm5iZiI6MTY2ODQxMjEzMSwiYXpwIjoiTzJzVzgxYnJ2RlZQRWpsYnplelJ1X3JxdFBVYSIsInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsInJlYWxtIjp7InNpZ25pbmdfdGVuYW50IjoiY2FyYm9uLnN1cGVyIn0sImV4cCI6MTY2ODQxNTczMSwiaWF0IjoxNjY4NDEyMTMxLCJqdGkiOiJjYzQ4YTI0YS0wYmQxLTQzYzAtODgxMC03YzYwZWZiYzg2N2EifQ.JIaK_VGSFTUiD5T1Nvaas2qLxw5xk3MqQtHx3FCfqrGw1XNX6tqWMM4Jo7EMy1UoyKEKzgjvsqfpfxP8MqzW-nhoBaXNU9Me3DMnEaOisQDuEcRGCAR8_APO0uVmAYTh804Dq0Bq4rJbvsi0i8BQsxhYCdG_REEShfsss_eB1O8pxFz0joC1q-zacHeOR59DS6vc3zrIM48FKAV5VzDqu3KaV9IqK2l8QUZOjux-a5W70CXySWoGYMNzcto7ac8BP0BGJ42zbs9wj2PXylg6EGK8UEjjkF_KRAxy7EUGCZy_fEqsGThDEspq3dbR_CELQN4XUzihE4pguZp3h6bXlA'

Note: Incase you are working with the default WSO2 API Manager pack, the certificate will not be trusted with the browser and just enter “https://localhost:9095/customerinfo” in the browser and accept the certificate or just type “thisisunsafe” and execute again.

As before, you can deploy the same or a new API to the “Default” environment and invoke in the same manner.

Hope you get to know how to WSO2 API Manager can manage several gateway environments with the single control plane.