Configure API Portal

This section describes how to configure the following on API Portal:

These configurations apply to both virtual appliance and software installations.

For details on how to configure the look and feel of your API Portal end-user interface, see the API Portal Administrator Guide.

Configure the SSL certificate

To enable SSL on API Portal, you must configure the Apache database to use the correct certificate.

Configure Apache database in virtual appliance installation

API Gateway Appliance includes a self-signed certificate that enables HTTPS out of the box. It is recommended that you replace it with a certificate tied to the host server and issued by a Certificate Authority (CA).

If you have API Portal running on API Gateway Appliance and you do not have an existing certificate, you can create or upload one using the Web Administrator Interface (WAI) of your virtual appliance. For more details, see Create an SSL certificate in the API Gateway Appliance Installation and Administration Guide.

  1. Import the SSL certificate, the root certificate, and any intermediate certificates to NSS database using the Certificate Database Tool (certutil):

    certutil -A -d <NSS database directory> -n <certificate nickname> -t CT,C,C -a -i <certificate file>

    For example:

    certutil -A -d /etc/apache2/mod_nss.d -n SSL-Cert -t ,, -a -i ssl.crt

    certutil -A -d /etc/apache2/mod_nss.d -n Root-Cert -t CT,C,C -a -i rootcert.crt

    certutil -A -d /etc/apache2/mod_nss.d -n Intermediate-Cert -t ,, -a -i intermediate.crt

    Note   You must import the root certificate with the C trust attribute set for SSL, otherwise the Apache service fails.

    For more details on certutil and the parameters, see NSS certutil documentation.

  2. To check that the certificates are successfully imported, list the certificates in the database:

    certutil -L -d <NSS database directory>

    An example output looks like this:

    Certificate Nickname       Trust Attributes
                                SSL,S/MIME,JAR/XPI
    ......
    <your CA cert nickname>     u,u,u

    Note   The trust attributes must be u,u,u. This shows that NSS has found a private key and linked it to the imported certificate.
  3. Open the /etc/apache2/vhosts.d/apiportal.conf file.
  4. Change the following line:

    NSSNickname Server-Cert

    to:

    NSSNickname <your CA certificate nickname>

  5. Restart the apache2 service.
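
The two notes in this procedure (u,u,u on the certificate that Apache serves, and the C trust attribute for SSL on the root certificate) can be checked from the certutil -L listing before the service is restarted. The following script is an added example, not part of the vendor documentation; the function names and the sample listing are constructed for illustration, and the nicknames are the ones from the example commands above.

```shell
#!/bin/sh
# Added example, not vendor code. Each check reads `certutil -L` output on stdin.
# Constructed sample listing (nicknames follow the page's example commands).
SAMPLE_LISTING='
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI
SSL-Cert                                     u,u,u
Root-Cert                                    CT,C,C
Intermediate-Cert                            ,,
Old Portal Cert                              ,,
'

# trust_of NICKNAME: print its trust attributes (last field; names may contain spaces).
trust_of() {
    awk -v nick="$1" '
        NF >= 2 {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)  # strip the trust column
            sub(/^[ \t]+/, "", name)               # strip leading indentation
            if (name == nick) { print $NF; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# check_server_cert NICKNAME: 0 if trust is u,u,u (private key linked),
# 1 if the certificate is listed without that trust, 2 if it is not listed.
check_server_cert() {
    t=$(trust_of "$1") || { echo "not in database: $1" >&2; return 2; }
    [ "$t" = "u,u,u" ] || { echo "no private key linked: $1 ($t)" >&2; return 1; }
}

# check_root_cert NICKNAME: 0 if the SSL (first) trust field contains C.
check_root_cert() {
    t=$(trust_of "$1") || { echo "not in database: $1" >&2; return 2; }
    case "${t%%,*}" in
        *C*) return 0 ;;
        *)   echo "root not trusted for SSL: $1 ($t)" >&2; return 1 ;;
    esac
}

# configured_nickname FILE: print the NSSNickname value set in an Apache conf file.
configured_nickname() {
    awk '$1 == "NSSNickname" {
        sub(/^[ \t]*NSSNickname[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        gsub(/^"|"$/, ""); print; exit }' "$1"
}

printf '%s\n' "$SAMPLE_LISTING" | check_server_cert "SSL-Cert" && echo "SSL-Cert: ok"
```

On a real system, pipe certutil -L -d <NSS database directory> into check_server_cert with the output of configured_nickname /etc/apache2/vhosts.d/apiportal.conf as the argument, so that the nickname Apache is configured to use is the one being verified.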

Configure Apache database in software installation

  1. Open the /etc/httpd/conf.d/apiportal.conf file.
  2. Change SSLCertificateFile and SSLCertificateKeyFile to point to your CA certificate and key files.
  3. Restart the apache2 service.

Protect Joomla! Administration Interface from direct Internet access

To counter a session fixation vulnerability in Joomla!, it is recommended that you protect the Joomla! Administration Interface (JAI) from direct Internet access.

  1. Open the following file:
    • Virtual appliance installation: /etc/httpd/conf.d/security.conf
    • Software installation: /etc/apache2/conf.d/security.conf
  2. Add an access restriction directive for the /administrator location. Specify the internal IP address range that is allowed to access JAI. For example:

    ServerTokens ProductOnly
    ServerSignature Off
    <Location /administrator>
      Order deny,allow
      deny from all
      allow from 10.232.14.
    </Location>

  3. To reload the web server configuration, enter the following:

    # /etc/init.d/apache2 reload

Limit the number of login attempts

By default, Joomla! allows unlimited login attempts, which may pose a security risk. To protect your API Portal and JAI from brute force attacks, do the following:

  1. Log in to JAI (https://<API Portal host>/administrator), and click Extensions > Plugins.
  2. Find the plugin LoginGuard Basic.
  3. Set the limit for allowed login attempts and how long the account is locked if this limit is reached.
  4. Ensure Lock by: Username is selected, and click Save.

Change the location of API Portal log files

By default, API Portal saves the Apache log files in the htdocs directory. To increase protection, you can save the log files in a different location in your file system. Ensure that Apache has permission to write to the selected location.

  1. Log in to JAI, and click System > Global Configuration.
  2. On the System tab, change Path to Log Folder to point to the location you want, and click Save.

Terms and conditions text configuration

To specify the API Portal Terms & Conditions content, modify or replace the contents of the following file:

/opt/axway/apiportal/htdoc/components/com_apiportal/views/terms/tmpl/default.php

Copyright notice configuration

The copyright notice that is displayed at the bottom of the API Portal pages can be customized when you edit the following file:

/opt/axway/apiportal/htdoc/templates/purity_iii/tpls/blocks/footer.php
