Monitoring the Endpoints of Private APIs
API Functional Monitoring (AFM) lets you monitor private APIs if you have a subscription to Anypoint Virtual Private Cloud (Anypoint VPC).
Private APIs are APIs with endpoints that are accessible only within your network.
With Anypoint VPC, you can run workers in CloudHub in a virtual, private, and isolated network segment, rather than in a region in which resources are shared. A private location is a worker that runs in a CloudHub environment that is associated with an instance of Anypoint VPC. AFM can create workers within Anypoint VPC that can run tests against APIs that are accessible only within the network that Anypoint VPC is configured for. The APIs must be deployed in CloudHub. You can create multiple private locations in a single instance of Anypoint VPC.
You can also test public APIs by using private locations. Public APIs are APIs with endpoints that are exposed to the internet.
Also, you can test private APIs from public locations if you whitelist the IP addresses of those locations. You might want to test a private API from a public location if you do not want to use vCores on testing private APIs or if you have no vCores available.
In Runtime Manager, add a new rule to the firewall for Anypoint Virtual Private Cloud (Anypoint VPC). The type must be https.port, the source must be Custom, and the port range 8081. For the source, use an IP address from this list:
For the steps of adding a rule to a firewall, see VPC Firewall Rules
The tests in monitors are run on schedules. For a private location to run according to a schedule, a schedule must be associated with it. A private location can be associated with more than one schedule for more than one monitor.
When you use private locations, you can run as many workers as your allotment of vCores allows. By default, each worker consumes 0.2 vCores. Therefore, MuleSoft does not limit the number of schedules that you can create for tests that are run from private locations.
Also, you can run tests from private locations at shorter intervals, with the shortest interval being five minutes.
Before you can run tests from a private location, you must create a private location, which involves specifying a name and an environment for the worker to run in. The environment must be associated with an instance of Anypoint VPC and must be the same environment that an API to be tested is deployed in. For example, you might create a private location that you name
myLocation and set it to run in environment
myEnvironment. When you choose to run a test in
myLocation, AFM allocates a worker in
myEnvironment in Anypoint Virtual Private Cloud.
All incoming HTTP traffic must be allowed into the environment where a private location is running. If incoming HTTP traffic is blocked, requests sent by a schedule cannot reach the private location, and the location does not run tests.
The following diagram depicts the types of relationship that can exist between monitors, private locations, APIs, and environments. It shows five monitors created in AFM. It also shows an instance of Anypoint VPC in CloudHub in which there are two associated environments: Environment A and Environment B. In Environment A, there are four private locations and seven APIs being tested. In Environment B, there are one private location and three APIs to be tested. The different line types depict five relationship types.
First relationship type (represented by solid black arrows)
Monitor 1 runs on a single schedule. The schedule is associated with Private Location 1. The monitor is written to test one or more endpoints in private API 1 and in private API 2, though it could also test endpoints in more private APIs. The private location and the APIs are all in a single environment.
Second relationship type (represented by dashed green arrows)
Monitor 2 runs on two separate schedules, and each is associated with the same private location. The private location is shared with the schedule that runs Monitor 1. Monitor 2 is written to test one or more endpoints in private API 3 and in private API 4, though it could also test endpoints in more private APIs. The private locations and both APIs are all in a single environment.
Third relationship type (represented by dashed-and-dotted blue arrows)
Monitor 3 runs on two separate schedules, and each is associated with a different private location. Monitor 3 is written to test one or more endpoints in API 5 and in API 6, though it could also test endpoints in more private APIs.
Fourth relationship type (represented by dotted orange arrows)
Monitor 4 runs on two separate schedules, and each is associated with a different private location. Each private location is in a separate environment. One environment could be a test environment, and the other environment could be a production environment. Private API 7 and Private API 8 are copies of the same API. Monitor 4 is written to test one or more endpoints in private API 7 and the same endpoints in API 8, though it could also test endpoints in more private APIs.
Fifth relationship type (represented by solid violet arrows)
Monitor 5 runs on one schedule, though it could run on more than one. The schedule is associated with a private location. Monitor 5 is written to test one or more endpoints in private API 9 and in public API 10.
When tests are run by private locations in an instance of Anypoint VPC, the workers do not share resources with other MuleSoft customers. Therefore, AFM allows tests to wait for a default of thirty minutes for a response from an endpoint. You can increase this time in Anypoint Runtime Manager. To do so, follow these steps:
Go to Anypoint Runtime Manager.
Open the settings for the private location for which you want to increase the timeout.
In the executionTimeout field, specify a longer timeout in milliseconds.