API Gateway prerequisites

This topic describes the prerequisites for running API Gateway on the Axway Appliance Platform.

License keys

You must have valid license keys for the API Gateway components you want to use. For example, you must have a license to run an API Gateway instance on the appliance. For more information on the license keys required for API Gateway, see the API Gateway Installation Guide.

License keys are preinstalled on a physical appliance. On a virtual appliance, you must copy the required license keys to the location:

INSTALL_DIR/conf/licenses

INSTALL_DIR is the installation location of the API Gateway software on the appliance (for example, /opt/Axway-7.5.3/apigateway). You can upload a license file from a local machine to the appliance using the Web Administration Interface. For more information, see Upload and download files.

Default ports

The default ports enabled on the firewall for specific services are as follows:

Service

Protocol

Port

Apache Cassandra (communication between Cassandra nodes) TCP 7000
API Gateway (business traffic, management traffic) TCP 8080, 8090
HTTP TCP 80
HTTPS TCP 443
LDAP TCP 389
LDAPS TCP 636
MySQL DB TCP 3306
Oracle DB TCP 1521
SSH TCP 22
Web Administration Interface TCP 10000

Virtual Router Redundancy Protocol (VRRP) access to 224.0.0.18 is also enabled for keepalived configuration. For more details, see High availability clustering with keepalived.

The following ports are also commonly used, but are not enabled by default:

Service

Protocol

Port

Apache ActiveMQ TCP 61616
Apache Cassandra (communication between Cassandra nodes if SSL is configured) TCP 7001
Apache Cassandra (API Gateway client connections) TCP 9042
Apache Cassandra (JMX) TCP 7199
API Gateway (management traffic between API Gateway and Admin Node Manager) TCP 8085

API Manager (if enabled)

TCP

8075
API Manager (if enabled) traffic port TCP 8065
FTP TCP 21
FTPS (implicit) TCP 989, 990
IBM WebSphere MQ TCP 1414
NTP UDP 123
POP3 TCP 110
POP3S TCP 995
Radius TCP 1545
SNMP TCP 25
SNMP UDP 161
SonicMQ UDP 2506
Syslog UDP 514

For more information on opening additional ports in the firewall, see Configure the Linux firewall and Linux firewall example use cases.

API Gateway privileges

The API Gateway (vshell) process on the appliance runs as the administrator user. However, to allow the API Gateway process to listen on privileged Internet ports (less than 1024), the vshell executable has been granted the CAP_NET_BIND capability. From a security point of view, this is safer than running the API Gateway process as the superuser (root).

For more information on running API Gateway as a non-root user on UNIX/Linux, see the API Gateway Administrator Guide.

Apache Cassandra

Apache Cassandra is required to store data for API Manager. Apache Cassandra can also be used in API Gateway for custom KPS data, for OAuth client application data, or for API keys. For more information on configuring Apache Cassandra on the API Gateway Appliance, see Configure Cassandra HA on the appliance.

Related Links