API External Servers are used by Gateway API Endpoints to specify connections to external API servers using HTTP or HTTPS.
↓Parent Component
↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The API External Server component inherits from the HTTP External Server
The following components have a direct aggregation relation from API External Servers:
The following components have a direct aggregation relation to API External Servers:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | ↓ connect-timeout |
| ↓ base-url | ↓ response-timeout |
| ↓ hostname-verification-method | |
| ↓ key-manager-provider | |
| ↓ trust-manager-provider | |
| ↓ ssl-cert-nickname | |
| ↓ allowed-header | |
| ↓ user-name | |
| ↓ password |
| Description | A description for this External Server |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The base URL of the external server, optionally including port number, for example "https://externalService:9031". This property specifies the protocol scheme, hostname, and optional port number of the API External Server. The base URL must not contain a path, query string, or segment. Specify an API server's base path using a Gateway API Endpoint's outbound-base-path property instead. |
| Default Value | None |
| Allowed Values | An absolute URL, or a relative URL |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The mechanism for checking if the hostname of the API External Server matches the name(s) stored inside the server's X.509 certificate. This is only applicable if SSL is being used for connection security. |
| Default Value | strict |
| Allowed Values | allow-all - This mechanism turns hostname verification off. strict - This mechanism works the same way as the Java Runtime Environment. It is also compliant with RFC 2818 for dealing with wildcards. The hostname must match any of the Subject Alternative Names or the first CN. A wildcard can occur in the CN, and in any of the Subject Alternative Names. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com". |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The key manager provider to use if SSL (HTTPS) is to be used for connection-level security. When specifying a value for this property (except when using the Null key manager provider) you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store. |
| Default Value | The Java Runtime Environment's default key manager will be used |
| Allowed Values | The DN of any Key Manager Provider. The associated key manager provider must exist and must be enabled if SSL is to be used. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The trust manager provider to use if SSL (HTTPS) is to be used for connection-level security. |
| Default Value | The Java Runtime Environment's default trust manager will be used |
| Allowed Values | The DN of any Trust Manager Provider. The associated trust manager provider must exist and must be enabled if SSL is to be used. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The certificate alias within the keystore to use if SSL (HTTPS) is to be used for connection-level security. When specifying a value for this property you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store. |
| Default Value | A certificate will be chosen from the key manager arbitrarily. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A list of HTTP headers that will be forwarded by the PingAuthorize Server to the downstream API server. By default, the PingAuthorize Server will forward all end-to-end headers from the original request to the downstream API server, with some exceptions that are listed below. If this property is specified, however, then only the headers named in this property will be forwarded (again, with some exceptions listed below). Two categories of HTTP headers are never forwarded.
|
| Default Value | If this property is not specified, then all end-to-end request headers will be forwarded to the downstream API server, except for a subset of headers that are never forwarded by the PingAuthorize Server. |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the login account to use for HTTP requests to the downstream API server using basic authentication. This property is ignored unless an associated Gateway API Endpoint's http-auth-evaluation-behavior property is set to "evaluate-and-replace". |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the login password to use for HTTP requests to the downstream API server using basic authentication. This property is ignored unless an associated Gateway API Endpoint's http-auth-evaluation-behavior property is set to "evaluate-and-replace". |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
connect-timeout (Advanced Property)
| Description | Specifies the maximum length of time to wait for a connection to be established before aborting a request to the server. A value of zero seconds indicates that no connect timeout should be enforced, although the network stack of the underlying operating system may enforce a limit. |
| Default Value | 30 seconds |
| Allowed Values | A duration. Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
response-timeout (Advanced Property)
| Description | Specifies the maximum length of time to wait for response data to be read from an established connection before aborting a request to the server. A value of zero seconds indicates that no response timeout should be enforced, although the network stack of the underlying operating system may enforce a limit. |
| Default Value | 30 seconds |
| Allowed Values | A duration. Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured External Servers:
dsconfig list-external-servers
[--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop
--server-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop
--server-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new API External Server:
dsconfig create-external-server
--server-name {name}
--set base-url:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server
--server-name {name}