API Gateway bridge solution
The API Gateway bridge solution supports deployment scenarios where the API Gateway and its authorized applications are deployed in separate environments. These environments can include multi-tenant cloud, single-tenant cloud, or on-premises installations.
The bridge solution provides a secure method for authorized applications to access APIs across network boundaries while maintaining authentication, authorization, and user identity controls. It allows two API Gateway instances to communicate with each other while preserving user identity and supporting user impersonation.
The bridge solution applies to scenarios such as:
- An authorized application running on-premises that needs to access APIs hosted in a multi-tenant environment
- A single-tenant deployment that must invoke APIs available only in the multi-tenant Infor cloud
- Backend services that require secure access to APIs in another environment while retaining user context
- Hybrid architectures supported during cloud migration projects
This image shows an authorized application accessing a multi-tenant API suite through an API Gateway proxy that is secured by using the API Gateway bridge solution:
This image shows the steps required to set up the API Gateway bridge solution:
Prerequisites
The following prerequisites are required to set up an API Gateway bridge solution:
- An on-premises or single-tenant API Gateway instance
- A multi-tenant API Gateway instance
- An API suite that is used as a proxy in the bridge solution
- Users that exist in both the multi-tenant and single-tenant or on-premises instances, with at least one matching user management (IFS) property. For example, the multi-tenant
EmailAddressmatches the single-tenant or on-premisesIdentity2value for each user - The API Gateway Administrator (
IONAPI-Admin) security role for both API Gateway tenants