Layer7 API Management

Hi,

 Does API Gateway support connection over TCP/IP Socket ? OR we can only expose APIs through HTTP/HTTPs connections through Gateway? We have a client, who wants to send data over TCP/IP Socket. Can API Gateway support this type of data transfer?

Thanks,

Siddharth

Hi Siddharth,

I am not quite clear on the question, are you referring to Websockets? Or perhaps just looking for the ability to bind a particular service to a port? If you can provide some more detail it would be appreciated.

WebSocket Scenarios - CA API Gateway - 9.1 - CA Technologies Documentation 

Regards,

Joe

Siddharth,

There is a Tactical custom assertion called the 'ExtensibleSocketConnector Assertion'

Overview:

The Extensible Socket Connector assertion allows the gateway to attach policies to custom TCP protocols used between clients and servers. A TCP client connects to an extensible socket connector listener port. The gateway will decode the message so that the request message can be evaluated against a policy, and the response will be returned to the TCP client. During policy execution, the gateway can connect to a server's TCP port. It will send a message to the server after properly encoding it using a codec. The server will return a response and they gateway will decode it using the same codec. The resulting message is available in policy afterwards.

Is this something you're looking for?

- Alec Daniello

Hi Siddharth,

To add to Alec's reply. If you would like to get the 'ExtensibleSocketConnector Assertion', please raise a support case explaining your use case. CA support will review and let you know if there are major implications of using this assertion.

Regards

Seenu Mathew

Hi, 

 We are using Gateway version 9.0. I am not sure weather this tactical assertion is available with this version.

 Do you have any idea if CA is planning to have this as part of core product in future releases?

Thanks,

Siddharth

Hi Siddharth,

Yes ExtensibleSocketConnector is avaiable for 9.0. Please raise a support case with the use case to get this assertion.

Regards

Seenu Mathew

Hi Seenu,

 We are working with support on this. Meanwhile could you please let us know what are pre-requisite at network level (like >VPN etc) to use this feature. It will be helpful if you could let me know about the security considerations, which need to be put in place while using TCP/IP connectivity with an external client.

Thanks,

Siddharth

Hi Siddharth,

There are no major pre-requsists. You will be sent some documentation of how to use the tactical assertion.

Regards

Seenu mathew 

Hi

   This thread is old , still wanted to check by asking these questions. We are on API gateway 9.0 and got the tactical assertion from CA support. By creating new socket connections for TCP socket listener on the api gateway, is this not a security risk - opening up a TCP port on the gateway beyond the original https end points that are exposed on the gateway ? Is this a recommended solution from a security stand point to open up a TCP port on the api gateway to act as the TCP socket listener when the gateway is located on the DMZ and receives call from cloud applications ? Our need for the api gateway to act as the tcp socket listener is more for internal communication ( within corporate firewall ) but just wanted to know the risks of enabling tcp socket listener on the api gateway.