Contact Us 1-800-596-4880

Secure an API with Basic Authentication and Rate Limiting

Publish an API running behind Flex Gateway in Local Mode, modifying YAML configuration data by the following method:

  • Linux and Docker: .yaml files

The following procedures demonstrate applying a simple YAML configuration for an API with multiple upstream services, all secured with basic authentication and rate limiting.

20%

25%

Publish an API Running Behind Flex Gateway on Linux

Publish an API Running Behind Flex Gateway in a Docker Container

Publish an API Running Behind Flex Gateway on Linux

Before You Begin

Before getting started, ensure that you have:

  • Flex Gateway installed and running in local mode. See Downloading Flex Gateway for more information about installing and running the gateway.

  • Your upstream service URLs. The following example refers to fictional products-api and users-api services, but you can specify your own API name in metadata.name and your service details in spec.services.

Publish an API

  1. Create a configuration file with a .yaml file extension:

    1. Give the file a custom name.

    2. Save the file in the Flex Gateway configuration directory /etc/mulesoft/flex-gateway/conf.d/custom. This directory can contain multiple configuration files.

  2. Copy and paste the following YAML snippet into the file, substituting your values where indicated:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: ApiInstance
    metadata:
      name: products-users-api
    spec:
      address: http://0.0.0.0:8080
      services:
        products:
          address: https://<your products URL>:<your port>/
          routes:
            - rules:
                - path: /products(/.*)
                - path: /products-featured(/.*)
              config:
                destinationPath: /api
        users:
          address: https://<your users URL>:<your port>/
          routes:
            - rules:
                - path: /api/users(/.*)
      policies:
        - policyRef:
            name: http-basic-authentication-flex
          config:
            username: chris
            password: admin
        - policyRef:
            name: rate-limiting-flex
          config:
            exposeHeaders: true
            rateLimits:
              - maximumRequests: 3
                timePeriodInMilliseconds: 6000
            keySelector: "#[attributes.queryParams['identifier']]"
  3. Save the file. The gateway automatically refreshes the configuration.

  4. View the logs by executing the following command:

    journalctl -u flex-gateway-*

    The response looks something like this:

    [agent][info] Generating config
    [agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/products-users-api http://0.0.0.0:8080
    [agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-http-basic-authentication-flex-1
    [agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-rate-limiting-flex-2
    [agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-products Namespace:default}
    [agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-users Namespace:default}
    [agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router
    [agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881
    [agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881
    [agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-products https://<your products URL>:<your port>/
    [agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-users https://<your users URL>:<your port>/
    [agent][debug] generating service products-users-api-products.default.svc hostname: <your products URL> port: <your port>
    [agent][debug] generating service products-users-api-users.default.svc hostname: <your users URL> port: <your port>
    [agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json
    [envoy][info] cds: add 2 cluster(s), remove 2 cluster(s)
    [envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s)

An API secured with basic authentication and rate limiting is now running behind Flex Gateway.

Publish an API Running Behind Flex Gateway in a Docker Container

Before You Begin

Before getting started, ensure that you have:

  • Flex Gateway installed. See Downloading Flex Gateway for more information.

  • Flex Gateway registered and running in Local Mode. See Register and Run in Local Mode for more information.

  • Your upstream service URLs. The following example refers to fictional products-api and users-api services, but you can specify your own API name in metadata.name and your service details in spec.services.

Publish an API

  1. Open a terminal and navigate to the directory that will contain your Flex Gateway configuration files. This directory was specified when you started Flex Gateway.

  2. Create a configuration file with a .yaml file extension:

    1. Give the file a custom name.

    2. Save the file.

  3. Copy and paste the following YAML snippet into the file, substituting your values where indicated:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: ApiInstance
    metadata:
      name: products-users-api
    spec:
      address: http://0.0.0.0:8080
      services:
        products:
          address: https://<your products URL>:<your port>/
          routes:
            - rules:
                - path: /api/products(/.*)
                - path: /api/products-featured(/.*)
              config:
                destinationPath: /api
        users:
          address: https://<your users URL>:<your port>/
          routes:
            - rules:
                - path: /api/users(/.*)
      policies:
        - policyRef:
            name: http-basic-authentication-flex
          config:
            username: chris
            password: admin
        - policyRef:
            name: rate-limiting-flex
          config:
            exposeHeaders: true
            rateLimits:
              - maximumRequests: 3
                timePeriodInMilliseconds: 6000
            keySelector: "#[attributes.queryParams['identifier']]"
  4. Save the file. The gateway automatically refreshes the configuration.

  5. View the Docker container logs, which look something like this:

    [agent][info] Generating config
    [agent][info] Gateway default/18b4e890fe7d: Adding ApiInstance default/products-users-api http://0.0.0.0:8080
    [agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-http-basic-authentication-flex-1
    [agent][info] Gateway default/4191c977e1ce: Adding Policy default/products-users-api-users-rate-limiting-flex-2
    [agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/products(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-products Namespace:default}
    [agent][info] Gateway default/18b4e890fe7d: Adding Route: &{host: path:/api/users(/.*) methods: headerConditions:[] profile:0xc0030529f0} => {Kind:Service Name:products-users-api-users Namespace:default}
    [agent][info] Gateway default/18b4e890fe7d: Adding Policy default/envoy.filters.http.router
    [agent][info] Gateway default/18b4e890fe7d: Adding Service default/monitoring_metrics http://0.0.0.0:9881
    [agent][debug] generating service monitoring_metrics.default.svc hostname: 0.0.0.0 port: 9881
    [agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-products https://<your products URL>:<your port>/
    [agent][info] Gateway default/18b4e890fe7d: Adding Service default/products-users-api-users https://<your users URL>:<your port>/
    [agent][debug] generating service products-users-api-products.default.svc hostname: <your products URL> port: <your port>
    [agent][debug] generating service products-users-api-users.default.svc hostname: <your users URL> port: <your port>
    [agent][info] Writing envoy bootstrap configuration to /tmp/envoy.json
    [envoy][info] cds: add 2 cluster(s), remove 2 cluster(s)
    [envoy][info] cds: added/updated 1 cluster(s), skipped 1 unmodified cluster(s)

An API secured with basic authentication and rate limiting is now running behind Flex Gateway.