Configuring API portal for VMware Tanzu on Tanzu Application Service

API portal for VMware Tanzu supports deployments in both Kubernetes and Tanzu Application Service (TAS). This guide covers the specifics for TAS.

For any change in the API portal configuration, the application must be restarted.

cf restart APP_NAME

Modifying OpenAPI Source URL Locations

API portal for VMware Tanzu displays API Groups and detailed documentation from OpenAPI source URL locations in JSON format. To modify the OpenAPI source URL locations, edit application’s environment variable API_PORTAL_SOURCE_URLS.

cf set-env APP_NAME API_PORTAL_SOURCE_URLS "https://petstore.swagger.io/v2/swagger.json, https://petstore3.swagger.io/api/v3/openapi.json"

Configure OpenAPI Source URLs Cache Time-to-live and Request Timeout

To improve performance and reduce traffic, API portal caches OpenAPI descriptors locally. The following options are available:

Environment Variable Key Description Default value
API_PORTAL_SOURCE_URLS_CACHE_TTL_SEC Time after which they will be refreshed (in seconds) 300 sec
API_PORTAL_SOURCE_URLS_TIMEOUT_SEC Timeout for remote OpenAPI retrieval (in seconds) 10 sec

For example, to modify the cache ttl to 2 minutes, and timeout to 1 minutes, you may run the following command:

cf set-env api-portal API_PORTAL_SOURCE_URLS_CACHE_TTL_SEC=120
cf set-env api-portal API_PORTAL_SOURCE_URLS_TIMEOUT_SEC=60

Configure Single Sign-On (SSO)

You will first need to have configure SSO on TAS. See the Single Sign‑On for VMware Tanzu service instance for more details

Once you have set up SSO you will update your manifest.yaml to make the following changes:

  1. Bind to the SSO service you have configured in your TAS environment. In the example below my-sso-service is used, but substitute in the name of the SSO Service you configured.
  2. Replace -Dsso.enabled=false with -Dsso.user-name-attribute=user_name. Replace user_name with the sso attribute for your provider that contains the username you want displayed in the upper right hand corner of API Portal. (If using UAA leave it as user_name)
---
applications:
  - name: api-portal
    buildpacks:
      - java_buildpack_offline
    services:
      - my-sso-service
    env:
      JAVA_OPTS: '-Dsso.user-name-attribute=user_name'
      JBP_CONFIG_OPEN_JDK_JRE: '{ "jre": { version: 17.+ } }'

Spring Cloud Gateway CORS Configuration and Self-signed Cert Configuration

In order for API portal for VMware Tanzu to support trying out APIs in the web browser, the OpenAPI locations provided in API_PORTAL_SOURCE_URLS must allow CORS access from the API portal URL. In the case of Spring Cloud Gateway, their CORS configuration must be configured to allow this access. Please review the documentation for CORS configuration for the Spring Cloud Gateway product you are using:

In case the OpenAPI server url uses self-signed certs, you might need to do the following steps for your system to trust the cert and use some features on API portal.

In MacOS:

  1. Open the server URL in a new Safari tab
  2. In the dialogue, click “Visit site anyway” and enter password
  3. The self-signed cert will now be imported into Safari and try it out works

Read more here: Source link