Deploy an API instance

To deploy an API instance, you require an API proxy. An API proxy is a front-end virtual server where the API gateway (ADC instance) receives the API traffic from API clients. The API clients can be browsers, mobile applications, and so on.

You can share an API proxy with different API deployments. In an organization where you have multiple API services, you can create a separate API proxy for each API service. Or, you can create and share an API proxy with API instances for different API services.

For example, the two API services app1 and app2 are deployed on the same API Gateway and using the same front-end virtual server. You want to provide the same virtual IP address and SSL certificates information to both API services. In this case, you can add an API proxy with the required information and share with separate deployments. So, API services on different deployments can receive requests using the shared API proxy.

As an administrator, do the following to deploy an API instance:

  1. Add an API proxy.
  2. Deploy an API instance using the API proxy.

Add an API proxy

Follow the steps to add an API proxy:

  1. Go to Security > API Gateway > API Proxy.

  2. Specify the following:

    • Proxy name – A name for an API proxy.

    • Target API Gateway - Select an ADC instance that acts as an API gateway.

    • IP address – An IP address of the virtual server that is hosting API services.

    • Port – A port number of the virtual server that is hosting API services.

    • Protocol – Set a protocol depending on what traffic type you want to receive on the API proxy (HTTP or HTTPS).

    • TLS Security Profile – Select High or Medium from the list. If you select High, it maps to the A+ rating SSL profile on an ADC instance.

    • Certificate Store - Select the SSL certificate for the API gateway. Citrix ADM agent certificate store helps you to store and manage your SSL certificates in one location.

      Citrix ADM certificate store

      In the Citrix ADM agent certificate store, you can store SSL certificates in Citrix ADM agent and reuse them during ADC configuration.

      Note

      When your existing deployments using the SSL certificate or key that are not in {page.adm-ads-agent-short}} certificate store, add the certificate and key to the store with the same name.

    • Service FQDN – A fully qualified domain name where your API services are hosted. For example: api.example.com

    Alternatively, you can select an IPAM network to allocate the IP address. To view the allocated IP address from the IPAM network, navigate to Settings > IPAM. For more information on IPAM, see Configure IPAM.

  3. Click Save to save the deployment configuration.

    If you want to deploy this API proxy on the API gateway, click Save and Deploy.

API Proxy

After adding an API proxy, deploy an API instance.

Deploy an API instance using the API proxy

Follow the steps to deploy an API instance:

  1. Navigate to Security > API Gateway > Deployments.

  2. Click Add.

  3. In Deployment Basic Info,

    1. Specify the Deployment Name.

    2. In API Definitions, select the required API definition.

    3. Select the API Proxy that you want to use with this deployment.

  4. In Upstream Services, click Add to add back-end (origin) API servers where you want to egress the API traffic. You can configure an upstream service with its domain name or IP address.

    You can specify SNIP address and netmask details while deploying an API instance. The ADC instance uses the specified SNIP address to communicate with the upstream services (back end). The specified SNIP address becomes the source IP address for the egress traffic sent to upstream services. You can also use IPAM to configure SNIP address and netmask. If you don’t configure the SNIP address, the default SNIP address of the ADC instance becomes the source IP address for the upstream services.

    Note

    By default, the SNIP address and netmask options are optional. However, if you specify one of these options, you must specify another option too.

    1. Specify a name to an upstream service.

    2. Specify the domain.

    3. In Services, specify an IP address and port value. To add more IP addresses, click Add a new row.

    4. Click Add.

  5. In Routing, specify the following details to route incoming API traffic based on the resource path prefix:

    1. Specify the route name.

    2. Select an API Resource to receive an API request.

      Note

      You can also specify the custom path or path prefix.

    3. Select an Upstream Service from the list where you want to transfer the API traffic.

  6. Click Save to save the deployment configuration.

    If you want to deploy the configuration to the API gateway, click Save and Deploy.

API deployment

Enable the API analytics

The following are the prerequisites to enable analytics for a deployment:

  • Ensure that virtual servers are licensed

  • Ensure that analytics status is Disabled

  • Ensure that virtual servers are in UP status

To enable the API analytics for a deployment, do the following:

  1. Select the deployment to which you want to enable the API analytics.

  2. Click Enable Analytics.

    Enable analytics for an API deployment

  3. In the Configure Analytics for deployment page, select the virtual server, and click Enable Analytics.

    Configure analytics for an API deployment

  4. On the Enable Analytics window:

    1. Select the insight type (Web Insight, Security Insight, Bot Insight)

    2. Select Logstream or IPFIX as Transport Mode.

      For more information about IPFIX and Logstream, see Logstream overview.

    3. The Expression is true by default.

    4. Click OK.

    Enable the API analytics

The Citrix ADM processes to enable analytics on the selected virtual servers.

Deploy an API instance