API Protect IBM DataPower Gateway vTap Integration

Owned by John Gerlock
Last updated: Feb 10, 2023
2 min read

Overview

API Protect can integrate with the IBM DataPower Gateway to provide active protection and “continuous discovery” of APIs. This guide explains what the requirements are to use API Protect, and how the integration works.

Requirements

Supported IBM DataPower Gateway Versions

  • IBM DataPower Gateway 2018.4

  • IBM DataPower Gateway 7.6

  • IBM DataPower Gateway 10.0.x

 

API Protect Analyzer

To keep request data inside your cloud or on-premises infrastructure, the API Protect Analyzer will need to be deployed in your infrastructure. Our analyzer is resource-efficient, but care should be taken to provision enough resources to handle the traffic. In most cases, provisioning 4 vCPUs and 8GB of RAM will handle the normal traffic and spikes.

Supported Deployments

 

How The Integration Works

DataPower Gateways apply security policies to requests flowing through the gateway. Additionally, the gateway can execute GatewayScript to dynamically route, transformation, and apply policies. After installing the the API Protect GatewayScript, requests flowing through the gateway can be analyzed by our API Protect analyzer running inside your cloud or on on-premises infrastructure. All requests will be analyzed to maintain a live observability profile of all your gateway traffic. Based on the API Protect rules you configure and enable, requests can also be blocked on your gateway.

 

Installation

GatewayScript Install

We generate and provide you with api_protect.js GateWayScript file that can be loaded either from a local location using local://some_local_directory/api_protect.js or from the store using store://some_store_directory/api_protect.js

See https://www.ibm.com/docs/en/datapower-gateway/7.5.0?topic=gatewayscript-precedence-rules-require-files for more information about GatewayScript files.

API Protect Analyzer

Instructions for installation of the API Protect analyzer vary depending on the type of deployment you choose for your environment, ie, container or VM. We provide detailed instructions and support for whichever style of deployment you choose.

Kubernetes

The Helm chart installs API Protect in a Kubernetes cluster.
Requirements

  • Kubernetes 1.20+

  • Helm 3.0+

Install
$ helm upgrade \ --install apiprotect \ --values <values file> \ --namespace apiprotect \ apiprotect.tgz
Confirm Installation

$ helm test apiprotect -n apiprotect

Docker Compose

For evaluation purposes, running our Docker Compose file can have the analyzer running in minutes.

# Generate and download the compose file and .env file with your clientId # from Data Theorem Portal and place them in a local directory: $ ls -A docker-compose.yml .env $ docker compose --env-file .env up

Once the analyzer is running, it can accept tcp traffic on port 8080.