remkohdev
  • Learn to Code
  • About Me
  • CI/CD
    • DevOps101
      • Welcome
  • OpenShift
    • Setup OpenShift
      • Setup Minishift
    • Builds
      • Source-to-Image (S2I)
        • Setup S2I
        • Build, Run, Deploy from Source
      • Jenkins Pipeline
    • Jenkins as a Service
      • Setup Jenkins on Openshift
      • Create a Pipeline for Java Spring Boot
  • Istio
    • Setup Istio on IKS
      • Login to IKS
    • Setup Istio on Openshift 3.11
    • Traffic Shifts with a VirtualService
    • Telemetry of Metrics using Prometheus
    • Telemetry of Distributed Tracing using Jaeger
    • Security with Mutual TLS (mTLS)
  • Apache Kafka
    • Setup Apache Kafka on IBM Cloud
    • Setup Apache Kafka on OpenShift
    • Produce and Consume Streams with Kafka Console Tools
    • Produce and Consume Streams with Spring Boot
    • Using the Event Streams CLI
    • Kafka Admin API
  • API Connect
    • APIC CLI
      • Manage API Lifecycle with apic
    • Securing your API
      • Setup AppID
      • Setup API Connect
      • Optional: Add Node-RED Test Server
      • Add 3rd Party OAuth OIDC
        • Create a Custom AppID API
        • Add a Security Definition to your API
Powered by GitBook
On this page

Was this helpful?

  1. API Connect
  2. Securing your API

Optional: Add Node-RED Test Server

PreviousSetup API ConnectNextAdd 3rd Party OAuth OIDC

Last updated 5 years ago

Was this helpful?

Create a Node-RED instance that copies the workflow of the /token and /introspect requests. This is the exact workflow that the Gateway Script in the DataPower Gateway in API Connect Assembly should implement, but testing the workflow in Node-RED is a lot easier and quicker, and will validate the remaining of the configuration of API Connect.

  • Go to the ,

  • Search the catalog... for Node-RED Starter, or

  • Go to or browse to the Starter Kits category,

  • Select the Node-RED Starter service,

  • Optionally, choose to change the region,

  • Enter a globally unique App name,

  • Optionally, change the Domain to <region>.cf.appdomain.cloud,

  • Click the Create button,

Create the /introspect workflow in NodeRed

  • Wait until the Node-RED instance successfully running,

  • Click the Visit App URL link to open the Node-RED app, the Node-RED configuration page loads,

  • Click Next,

  • Enter a username and password to secure your instance,

    • Flows and changes to Node-RED are written to Cloudant NoSQL database, so you want to secure access in order to protect your flows,

  • Optionally, check the option Allow anyone to view the editor, but not make any changes,

  • Click Next, Next and Finish,

  • Once your settings are applied, you see the Node-RED home page,

  • Make note of the URL of the Node-RED home page, e.g. https://<nodered-app-name>.us-south.cf.appdomain.cloud/, you will need this to configure the API Connect Security Definition to secure your API,

  • Click the Go to your Node-RED flow editor button in the web page, to load the Node-RED editor,

  • Enter your username and password,

  • Click Login,

  • The Node-RED editor loads,

  • In the top right, click the Profile icon, and make sure you are logged in, to have editor rights,

  • Copy the Flow JSON at the bottom of the page,

  • Go back to the Node-RED editor,

  • From the top-right menu, go to Import

  • Click Import,

  • Drag the imported workflow to the top left of the editor,

  • Click the Deploy button in the top-right of the page,

Configure the /introspect workflow in NodeRed

  • In the Node-RED editor, double click the first http request node, which opens the node's configuration window for the POST /token request,

  • Change the URL by replacing tenantid by your AppID tenantid,

  • Under Use authentication, change the Username by the ClientID of your AppID credentials,

  • Under Use authentication, change the Password by the secret of your AppID credentials,

  • Make sure the Return is set to a parsed JSON object,

  • In the Node-RED editor, double click the second http request node, which opens the node's configuration window for the POST /introspect request,

  • Change the URL by replacing tenantid by your AppID tenantid,

  • Under Use authentication, change the Username by the ClientID of your AppID credentials,

  • Under Use authentication, change the Password by the secret of your AppID credentials,

  • Make sure the Return is set to a parsed JSON object,

  • Click the Deploy button,

  • Optionally, link the nodes to the logs or Debug nodes to display debugging information in the right side bar,

  • Click the Deploy button again if you made any changes,

  • You now should have an POST /introspect endpoint accessable at POST https://<nodered-app-name>.us-south.cf.appdomain.cloud/introspect,

Go to the Node-RED flow to

Paste the copied Flow JSON from the flow,

Integrate API Connect with AppID OAuth OIDC Provider for Easy API Security
Integrate API Connect with AppID OAuth OIDC Provider for Easy API Security
IBM Cloud Catalog