Let’s start with Module 1 - Architectural Overview of IBM API Connect
Before we learn about the solution architecture for IBM API Connect, it is important to define the
     roles in an organization that publishes a set of APIs for its clients. The term “application programming
     interface” is used in many areas of software development. In the context of IBM API Connect, an API is
     a collection of services or operations that is made available on a network. The clients that call these
     API operations are known as API consumers. The organization or company that makes a set of services
     available is the API provider. In between the API consumer and API provider is the API gateway. This
     application server or network appliance mediates and regulates requests to the posted API service.
     What is IBM API Connect? IBM® API Connect is an integrated API management offering, where all of
     the steps in the API lifecycle and the actions that surround it, are performed within the offering.
     The steps of the API lifecycle include creating, running, managing and securing APIs.
     With API Connect, you can perform all of the lifecycle steps in a single integrated offering, removing
     the requirement to use multiple API management offerings to obtain the same capability. API
     Connect includes the following key capabilities to cover the lifecycle of an API:
                  • Automated, visual and coding options that API providers can use to create scalable APIs.
                  • Node.js and Java support for creating micro-services applications and APIs with
                    integrated tooling.
                  • Integrated enterprise grade clustering, management and security for Node.js and Java.
                  • Lifecycle management and governance for APIs.
                  • Access control over APIs for both API providers and consumers by using role-based
                    permissions, API packaging constructs and subscription and community management.
                  • Customizable, self service portals for publishing APIs for discovery and use.
                  • Runtime enforcement of built-in and user-defined policies and mechanisms to secure,
                    control and optimize API traffic.
                  • API usage analytics for both API providers and consumers, with runtime and historical
                    reporting on usage patterns and performance metrics.
     Contents:
     In this session we will cover the following points:
1.   Implement and publish LoopBack API applications.
2.   Exercise: Customize and deploy an application.
3.   Secure an API with security definitions.
4.   Exercise: Configure and secure an API.
     Before implementing and publishing APIs with LoopBack applications, let us get some knowledge of
     LoopBack.
What is LoopBack? LoopBack is a highly-extensible, open-source Node.js framework for creating
APIs and connecting them with a backend data source. Built on top of Express, it can take a data
model definition and easily generate a fully functional end-to-end REST API that can be called by any
client.
Given below are some salient features of LoopBack:
              • Create dynamic end-to-end REST APIs with little or no coding.
              • Access data from Oracle, MySQL, PostgreSQL, MS SQL Server, MongoDB, SOAP and
                other REST APIs.
              • Incorporate model relationships and access controls for complex APIs.
              • Use built-in push, geolocation and file services for mobile apps.
              • Easily create client apps using Android, iOS and JavaScript SDKs.
              • Run your application on-premises or in the cloud.
LoopBack consists of:
        • A library of Node.js modules.
        • Yeoman generators for scaffolding applications.
        • Client SDKs for iOS, Android and web clients.
The LoopBack framework makes a set of assumptions about your API implementation. The LoopBack
framework creates an API path for each model that you define. By default, API operations map to
actions on model objects. You can develop APIs faster by focusing on the business logic and data.
When you define the model, the LoopBack framework automatically creates a pre-defined REST API
with a full set of create, retrieve, update and delete operations.
What are Models, properties and relationships in a LoopBack framework?
The model objects represent the data and logic behind your API operations.
Properties represent business data fields.
Relationships define how API consumers create, retrieve and modify models and model properties.
Data persistence with connectors.
The framework also retrieves and persists the properties in the models to a data source that you
define. To bind a data source to a database or data service, install and configure a LoopBack connector.
What is LoopBack connector?
A LoopBack connector is a Node module that connects model objects to sources of data outside of
your LoopBack application. There are two categories of LoopBack connector: database and
non-database connectors.
Database connectors persist model data to a database.
    Non-database connectors do not support the persistence API; they call a remote service and return data
    to a model object.
    There are three steps in configuring a database connector:
    First, you install a LoopBack connector for your type of database. Second, you define the connection
    information in a LoopBack data source. Last, you bind the model objects to the LoopBack data source.
    Remote methods and hooks:
    The framework generates only a set of API operations that create, retrieve, update and delete models
    and model properties.
    To implement free-form API operations, create remote methods in the model.
    To implement processing logic before and after API operations, create remote hooks in the model.
    Remote hooks are the event handlers that execute before and after an API operation.
    Let us get started with creating a Loopback Application:
    In the following session we will learn:
1   How to create a multi-model LoopBack application.
2   How to create a Representational State Transfer (REST) API definition using the IBM API Connect API Designer.
3   How to create a Representational State Transfer (REST) API definition using the IBM API Connect command
    line.
4   How to use the LoopBack MySQL connector.
5   How to use the LoopBack MongoDB connector.
6   How to create relationships between models.
    Step by Step instructions for creating Loopback Application:
    1 Create a working directory
    Go to the terminal emulator by selecting it from the task bar. Create a project directory called
    ThinkIBM. In the terminal, type
     mkdir ~/ThinkIBM
    Change to the new ThinkIBM directory
     cd ~/ThinkIBM
    2 Create the Inventory App
    To create your inventory application, you will need to use the LoopBack technology that comes with the API
    Connect Developer Toolkit. LoopBack enables you to quickly compose scalable APIs that run on top of
    the Express web framework.
    From the command line terminal, type the following command to create the inventory application:
    apic loopback inventory
You will be asked to name your application. Since you have already supplied the name of the
application as part of the previous step, you can keep the default by pressing the Enter or Return key.
Next you will be asked to supply the name of the directory where the application needs to be created.
LoopBack will default the project directory name to the name of the application.
Press the Enter or Return key to accept the default value of inventory.
Next, select the empty-server option and press the Enter or Return key.
At this point, the project builder will install the core dependencies for our Node.js application.
Please wait until you see the ‘Next Step’ section.
Change to the newly created inventory directory.
3 Create a Data Source Connector to MySQL.
The data source is what allows the API to communicate with the backend data repository. In this case
we will be using MySQL to store the inventory item information.
There are two parts to this. First is the definition of how to connect to the backend system. The
second is downloading the actual LoopBack connector for MySQL. The connector is akin to an ODBC or
JDBC connector.
In your terminal, ensure that you are in the ~/ThinkIBM/inventory directory.
In your terminal, type
apic create --type datasource
The terminal will bring up the configuration wizard for our new datasource. The configuration wizard
will prompt you with a series of questions. Some questions require text input, others offer a
selectable menu of predefined choices.
Answer the questions with the following data:
Enter the data-source name: mysql-connection
Select the connector for mysql-connection
 > MySQL (supported by StrongLoop)
 Host: mysql.think.ibm
 Port: 3306
 User : Student
 Password: Passw0rd!
 Database: think
 Install loopback-connector-mysql(Y/n): Y
By passing Y (Yes) to the question, the MySQL connector will be downloaded and saved to your
project automatically. This will create a connection profile in the
~/ThinkIBM/inventory/server/datasources.json file. It is effectively the same as running the following to
install the connector.
npm install loopback-connector-mysql --save
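The wizard stores the password you typed in the connection profile in clear text. As an added example (not part of the course lab files), the code below flags inline passwords in a constructed copy of that profile and builds the content for a server/datasources.local.js override, which LoopBack loads on top of the JSON file, with the password taken from the environment. The environment variable name MYSQL_PASSWORD and the function names are assumptions.

```javascript
// Constructed copy of the profile the wizard answers above produce
// (the credentials are the lab values shown on this page).
const generated = {
  'mysql-connection': {
    name: 'mysql-connection',
    connector: 'mysql',
    host: 'mysql.think.ibm',
    port: 3306,
    user: 'Student',
    password: 'Passw0rd!',
    database: 'think',
  },
};

// Hypothetical mapping: data source name -> environment variable with its password.
const PASSWORD_ENV = { 'mysql-connection': 'MYSQL_PASSWORD' };

// List "<dataSource>.password" for every password stored inline.
function findInlinePasswords(dataSources) {
  return Object.keys(dataSources)
    .filter((name) => typeof dataSources[name].password === 'string' &&
                      dataSources[name].password !== '')
    .map((name) => name + '.password');
}

// Copy of the profile that is safe to commit: same settings, no password.
function stripPasswords(dataSources) {
  const out = {};
  for (const name of Object.keys(dataSources)) {
    const { password, ...rest } = dataSources[name];
    out[name] = rest;
  }
  return out;
}

// Content for server/datasources.local.js: full entries with the password read
// from the environment. Throws rather than starting with a missing password.
function buildLocalOverride(committed, env) {
  const out = {};
  for (const name of Object.keys(PASSWORD_ENV)) {
    const secret = env[PASSWORD_ENV[name]];
    if (!secret) throw new Error(PASSWORD_ENV[name] + ' is not set');
    out[name] = Object.assign({}, committed[name], { password: secret });
  }
  return out;
}

// In server/datasources.local.js the last line would be (CommonJS):
//   module.exports = buildLocalOverride(require('./datasources.json'), process.env);
console.log(findInlinePasswords(generated));
console.log(stripPasswords(generated)['mysql-connection']);
```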
4 Launch the API Connect Designer
Ensure you are in the ~/ThinkIBM/inventory directory, then type the following command-
        apic edit
Your default web browser will launch and automatically load the designer screen.
Now that the API Designer is running, you should see the start page with your inventory API. This API
was created as a result of the generation of our LoopBack application.
5 Create the model for the inventory Items
In this section, you will define the item data model for our inventory API and attach it to the MySQL
data source. Loopback is a data model driven framework. The properties of the data model will
become the JSON elements of the API request and response payloads.
Click the Models tab
Click +Add button
In the New Loopback model dialog, enter item as model name and click the New Button.
When the model edit page for the item model is displayed, select the mysql-connection data source.
6 Create Properties for the item Model
The item table in the MySQL database has 6 columns that will need to be mapped as well. To start
creating properties for the item model:
       • Click the + button in the Properties section.
       • The item data model consists of six properties. Use the data below to add each of these
         properties.
       Property Name   Type     Required   Description
       name            string   yes        item name
       description     string   yes        item description
       img             string   yes        location of item image
       img_alt         string   yes        item image title
       price           number   yes        item price
       rating          number   no         item rating
Scroll to the top of the page and click Save button to save the data model.
Click the All Model link to return to the main API designer page.
7 Create a MongoDB data source
So far we have created a Loopback application which provides APIs around our inventory item stored
in a MySQL database.
In this section, you will create the data model for item reviews and use the MongoDB to store the
review data.
First you must create a data source entry for the MongoDB:
            1. Close the browser.
            2. Select the Terminal Emulator from the Taskbar to open the command line.
            3. Even though we closed the browser, the API Designer application will still be
               running.
            4. Hold the control key and press the C key to end the API Designer session. This will
               take you back to the command line prompt.
            5. Type the following command to create a data source for MongoDB:
               apic create --type datasource
            6. The terminal will next bring up the configuration wizard for our new datasource. The
               configuration wizard will prompt you with a series of questions. Some questions
               require text input, others will offer a selectable menu of pre-defined choices.
            7. Answer the questions with the following data -
                        Enter the data-source name: mongodb-connection
                        Select the connector for mongodb-connection:
                                  > MongoDB (supported by StrongLoop)
                        Host: mongo.think.ibm
                        Port: 27017
                        User:
                        Password:
                        Database: think
                        Install loopback-connector-mongodb (Y/n) Y
                 By typing Y (Yes) to the question Install loopback-connector-mongodb, the MongoDB
connector will be downloaded and saved to your project automatically. This will create a connection
profile in the ~/ThinkIBM/inventory/server/datasources.json file.
It is effectively the same as running the following to install the connector.
npm install loopback-connector-mongodb --save
8 Create Model for Reviews
The review data model will be used to store the item reviews left by buyers. The reviews will be
stored in a MongoDB.
In the earlier steps, you used the API Designer User Experience to create a data model. This time you
will use the command line to create the review model.
            1. Type the following command to create the review data model:
               apic create --type model
            2. Enter the properties for the review model.
               You will not expose the review model as a REST API. This is because you will create a
               relationship between the item and the review later, which will create the REST APIs
               you will use.
                ?Enter the model name : review
                ?Select the data-source to attach review to:mongodb-connection(mongodb)
                ?Select model base class
                        >PersistedModel
                ?Expose review via the REST API (Y/n) : N
                ?Custom plural form (Used to build REST URL):
                        >Common
            3. Continue using the wizard to add properties for the review model.
            4. The first property is the date property.
                        Enter an empty property name when done
                        ? Property name : date
                        ? Property type: date
                        ?Required? Y
                        Default Value [Leave blank for none]
            5. Next add the reviewer_name property
                        Enter an empty property name when done
                        ? Property name : reviewer_name
                        ? Property type: string
                        ?Required? N
                        Default Value [Leave blank for none]
            6. Next add the reviewer_email property
                        Enter an empty property name when done
                        ? Property name : reviewer_email
                        ? Property type: string
                        ?Required? N
                        Default Value [Leave blank for none]
            7. Next add the comment property
                        Enter an empty property name when done
                        ? Property name : comment
                        ? Property type: string
                        ?Required? N
                        Default Value [Leave blank for none]
            8. Finally add a property for the item rating
                        Enter an empty property name when done
                        ? Property name : rating
                        ? Property type: number
                        ?Required? Y
                        Default Value [Leave blank for none]
            9. The wizard will next ask you to add another review property. To close the wizard, just
               press Enter or Return to exit.
9 Create a Relationship Between the item and review Data Models
        The next step is to create a relationship between the item model and review model. Even
though the models reference entities in entirely different databases, API Connect provides a
way to create a logical relationship between them. This logical relationship is then exposed as
additional operations for the item model.
            1. In the terminal session, type the following command
                apic loopback:relation
            2. Enter the details for the relationship as follows
                        ?Select the model to create the relationship from:
                                >item
                        ?Relation type:
                                >has many
                        ?Choose a model to create a relationship with
                                >review
                        ?Enter the property name for the relation: reviews
                        ?Optionally enter a custom foreign key: <leave blank>
                        ?Require a through model? No
Customize and Deploy Loopback application
In the following session we will learn-
        • About LoopBack remote hooks.
        • How to create a remote hook.
        • How to publish a LoopBack application to a Liberty runtime collective.
At this point you have -
1.   Created a basic application template.
2.   Added an item data model backed by a MySQL data source.
3.   Added a review data model backed by MongoDB data source.
4.   Added a relationship between the item and review models.
In this tutorial you will extend the inventory application by adding a remote hook. Remote hooks
allow you to provide pre- and post-processing to an API call, such as adding additional header
information to a remote service or calculating a value.
Then you will publish your LoopBack inventory application to the Liberty Collective,
making it generally available for consumption.
1 Edit the Application Configuration
        Before publishing the API application, the configuration file that was generated for you
needs to be edited. By default, the generated application uses a base path of /api. In the next few
steps you will learn to modify the base path to listen on /inventory.
             1. Open the Atom text editor.
             2. From the Atom menu, click on File > Open Folder.
             3. Click on the Student location from the Places menu, then navigate to the ThinkIBM >
                inventory folder and click the OK button.
             4. From the folder tree menu, expand the server folder and click on the config.json file to
                view the source.
             5. Edit line 0 of the config.json file. Change /api to /inventory
             6. Use the Atom file menu to save the changes.
2 Create a Remote Hook
        Remote hooks are custom JavaScript code that executes before or after calling an operation
on a LoopBack application.
For more information on remote hooks, please review:
https://docs.strongloop.com/display/public/LB/Remote+hooks
             1. In the Atom editor, expand the directory structure for the common/models location
                and select the item.js file.
             2. You are going to update this file to include a new remote hook function, which will
                run after a new review is submitted for an item. The function will take an average of
                all reviews for that item, then update the item rating in the MySQL data source.
            3. To avoid potential typing errors, a sample file is made available for you to copy. Use
               the favourites menu to open the Brackets application.
            4. Expand the lab_files/lab3 folder and select the example item.js file.
            5. Use the menu option for Selection > Select All to highlight all of the text.
            6. Use the menu option for Edit> Copy to copy the file contents on your clipboard.
            7. Return to the Atom application. Remove everything in the item.js file. Then paste
               (Control+V or Edit > Paste) the contents of your clipboard to update the file.
            8. Use File > Save menu option to save the changes.
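One way to write the hook described in step 2, as an added example; it is not the lab's sample item.js, which is not reproduced on this page. It registers an afterRemote hook on prototype.__create__reviews, the operation LoopBack generates for the reviews relation created earlier, and is exercised here against a small constructed in-memory stand-in for the Item model (makeFakeItem and demo are hypothetical helpers). It assumes the default foreign key itemId, since none was entered for the relation.

```javascript
// Mean of the review ratings, rounded to two decimals; null when there are none.
function averageRating(reviews) {
  if (reviews.length === 0) return null;
  const sum = reviews.reduce((acc, r) => acc + r.rating, 0);
  return Math.round((sum / reviews.length) * 100) / 100;
}

// Body of common/models/item.js. In the project this function is assigned to
// module.exports so that LoopBack calls it with the Item model at boot.
function itemModel(Item) {
  // 'prototype.__create__reviews' is the operation behind POST /items/{id}/reviews.
  Item.afterRemote('prototype.__create__reviews', function (ctx, review, next) {
    Item.findById(review.itemId, { include: 'reviews' }, function (err, item) {
      if (err) return next(err); // data source error: fail the request
      if (!item) return next(new Error('item not found: ' + review.itemId));
      // With the relation included, item.reviews() returns the loaded reviews.
      const rating = averageRating(item.reviews());
      item.updateAttributes({ rating: rating }, function (err) { next(err); });
    });
  });
}

// Constructed stand-in for the Item model: only the calls the hook uses,
// with callbacks invoked synchronously so the result can be inspected.
function makeFakeItem(items, reviews) {
  const hooks = {};
  return {
    afterRemote(name, fn) { hooks[name] = fn; },
    findById(id, filter, cb) {
      const row = items.find((i) => i.id === id);
      if (!row) return cb(null, null);
      cb(null, {
        reviews: () => reviews.filter((r) => r.itemId === id),
        updateAttributes(data, done) { Object.assign(row, data); done(null, row); },
      });
    },
    // Simulates the review being stored, then runs the registered hook.
    createReview(itemId, review) {
      const created = Object.assign({ itemId: itemId }, review);
      reviews.push(created);
      let result;
      hooks['prototype.__create__reviews']({}, created, (err) => { result = err || null; });
      return result;
    },
  };
}

// Constructed data: one item with two existing reviews.
function demo() {
  const items = [{ id: 1, name: 'Constructed item', rating: 0 }];
  const reviews = [{ itemId: 1, rating: 5 }, { itemId: 1, rating: 4 }];
  const Item = makeFakeItem(items, reviews);
  itemModel(Item);
  const err = Item.createReview(1, { rating: 4, comment: 'constructed review' });
  const missing = Item.createReview(99, { rating: 1 }); // no such item
  return { err: err, rating: items[0].rating, missing: missing };
}

console.log(demo());
```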
3 Verify the inventory application
        Before you publish the API provider application, verify that the inventory application starts
correctly.
            1. Return to your Terminal Emulator session or open a new one if you have closed it
               previously.
            2. Switch to the ~/ThinkIBM/inventory directory
                        cd ~/ThinkIBM/inventory
            3. Start the Node application with the npm start command
                         npm start
            4. Open a web browser to http://localhost:3000/inventory/items
            5. Make sure that the API operation call returns a list of items in a JSON object.
            6. In the terminal window, press Ctrl + C to stop the Node application.
4 Publish application to Liberty Collective.
        In this section, you will publish the inventory application to a Liberty runtime collective for
general consumption.
        4.1 Register the Application with API Connect and Liberty.
            1. Use the favourites menu to launch the browser.
            2. Click on the API manager bookmark.
            3. Enter the following credentials and then click the sign in button.
                        Username: Student@think.ibm
                        Password: Passw0rd!
            4. Select the menu button from the top left corner of the page.
            5. Open Dashboard view.
   6. Now that the API Manager dashboard is open, click the + Add button and select App
      from the list.
   7. Fill out the Add App form with following details-
           a. Display Name: inventory
           b. Name : inventory
           c. Collective: AppSvr
   8. Click the Add button to link the application between our API Connect server and the
      Liberty Collective server. This step creates a registration that allows app
      management from API Connect once the application is published.
4.2 Configure the Developer Toolkit to Communicate with API Connect
   1. Click on the hyperlink icon inside of the Inventory app title.
    2. Copy the contents of the popup to your system clipboard.
    3. Click on the user profile icon and select Log Out.
    4. Close the browser.
    5. Return to your Terminal Emulator session or open a new one, if you have closed it
       previously.
    6. Ensure you are in the ~/ThinkIBM/inventory project folder.
    7. Use the terminal menu bar to select Edit > Paste to paste the contents of your
       clipboard. If you did not copy the command earlier, you can type it here.
    8. Continue setting up the development environment by logging into the API Connect
       management server.
               apic login --type app
    9. Use the following credentials when prompted
           a. Server: mgr.think.ibm
           b. Username : student@think.ibm
           c. Password: Passw0rd!
4.3 Publish the Application.
    1. Ensure the Liberty Collective server is up and running by typing-
               wlpn-controller start
2. Type the following command to package the inventory application and publish it to
   the collective server-
            apic apps:publish
3. The terminal will prompt you once the publication is complete.
4. You will need the host header that is returned in the next tab.
   Highlight the host header: value and then right-click to show the menu and
   select Copy.
5. Open the Notes application by clicking on the notepad icon in the taskbar.
6. Paste the host header into the Notes window. Add a label so that you will know
   what the value is.
Secure an API with security definition
API Security definition
To enforce authentication and authorization for your API, define and apply security definitions in
your API definition. Your gateway authenticates users to verify the identity of the client. The
gateway authorizes access to an API operation for clients that you permit. API security definitions do
not handle all aspects of API security. For example, you define transport layer security (TLS)
providers in the IBM API Management Server. Not every API needs to be secured. Some resources
might not contain sensitive information. This session discusses how to authenticate and authorize API
clients with IBM API Connect.
How do you secure your APIs in API Connect?
Create a security definition.
The security definition states which security scheme API Connect applies to your API. The definition
specifies the configuration settings for the scheme.
Enable a security definition for your API.
To call an API operation, the client application must provide the information that you specified in the
security definition. You can apply a security definition to an entire API or to a specific operation within
the API.
What types of security definitions can you handle?
API Key: The API Key scheme authenticates the API caller from the client ID and client secret
credentials.
Basic: The HTTP basic authentication scheme enforces authentication and authorization at the
HTTP message protocol layer.
OAuth 2.0: The OAuth 2.0 scheme is a token-based authentication protocol that allows third-party
websites to access user data without requiring users to share personal information.
The OAuth 2.0 specification defines two types of clients-
        • Public
        • Confidential
Public clients should not be trusted with password secrets. For example, a web application that is
written in JavaScript and runs in the user's web browser cannot guarantee password
confidentiality.
Confidential clients can keep a client password secret. The same web application that runs in an
access-restricted web server keeps the password encrypted when it communicates with the server.
OAuth Provider API: OAuth flow and grant types
Implicit:      Uses an implicit grant type. The authorization server sends back an access token after
               the resource owner authorizes the client application to use the resource.
Password:      Uses the resource owner's password credentials. The client application sends the user
               name and password for a user on the resource server.
Application:   Uses the client credentials. The client application sends its own credentials when it
               accesses resources under its own control or previously arranged with the authorization
               server.
Access code:   After the authorization server authenticates the resource owner, the authorization
               server sends back a custom redirect URI and an authorization code. The client
               application opens the redirect URI with the authorization code to retrieve an access
               token for the resource.
Configure and secure API
In this tutorial you will learn how to configure and secure the inventory API created during LoopBack
application generation. Using graphical design tools in API Designer, you will create an OAuth 2.0
provider called oauth and then update the inventory API to use this provider. You will use the API
Editor assembly to view and specify the API's runtime behaviour.
In the following session we will learn-
       • How to create an OAuth 2.0 provider, specifically using the Resource Owner Password grant
         type.
       • How to secure an existing API using the newly created OAuth 2.0 Provider.
       • How to add catalog-specific properties to an API.
1 Working with the inventory API in API Designer
            1. First launch API Designer by typing the following commands from your project.
               cd ~/ThinkIBM/inventory
                  API Designer will open in your default browser. You may see an information message
about Draft APIs. This message appears the very first time you launch the API Designer. If so, click the Got it!
button when you are ready to proceed to creating an API. You should see the APIs view and a single
API listed. The inventory API was automatically created during LoopBack app generation. We will edit
this API at a later step.
2 Adding a New OAuth 2.0 Provider API
            1. Click the + Add button and select OAuth 2.0 Provider API from the menu.
            2. Specify the following properties and click the Next button to continue-
                   a. Title : oauth
                   b. Name : oauth
                   c. Base Path : /oauth20
                   d. Description: API for Obtaining Access Tokens
            3. Accept the default radio button selection labelled Don’t add to a product and click
               the Add button.
               The API Editor will launch. If this is your first time using the API Editor, you will see an
               informational message. When you are ready to proceed, click the Got it! button to
               dismiss the message.
                The API Editor opens to the newly created oauth API. The left hand side of the view
                provides shortcuts to various elements within the API definition: Info, Host, base,
                etc. By default, the API Editor opens to the Design view, which provides a user
                friendly way to view and edit your APIs. You may notice additional tabs labelled
                Source and Assemble. We will work with these views as well.
4. Navigate to the Host section of the API. Remove $(catalog.host) from the Host field, as
   we want to keep this blank.
5. Navigate to the OAuth 2 section.
   Over the next several steps, we will set up OAuth-specific options such as client
   type (public vs confidential), valid access token scopes, supported authorization
   grant types, etc. The OAuth 2.0 specification has detailed descriptions of each of the
   properties we configure here.
6. For the Client type field, click the drop-down twisty and select Confidential.
7. Three scopes were generated for you when the OAuth API provider was generated:
    scope1, scope2 and scope3.
8. Modify the values for scope1. Set the following fields:
        a. Name: inventory
        b. Description: Access to Inventory API
9. Delete scope2 and scope3 by clicking the trashcan icons to the right of the scope
    definitions.
10. We want to configure this provider to only support the Resource Owner Password
    Credentials grant type. Deselect the Implicit, Application and Access Code Grants,
    but leave Password checked.
11. Set the OAuth 2 settings as follows:
        a. Collect credentials using: basic
        b. Authenticate application users using: Authentication URL
        c. Authentication URL: https://services.think.ibm:1433.auth
        d. TLS Profile: remove tls-profile-4 and leave blank
        e. Deselect the Enable revocation URL option
           12. Navigate to the Paths section. Notice that the generated paths begin with /oauth2.
               However, since we have configured our base path to be /oauth20, we will shorten
               the authorization and token paths.
           13. Change the /oauth2/authorize path to /authorize
           14. Change the /oauth2/token path to /token
           15. Click the Save icon in the right top corner of the editor to save your changes.
3 Configuring and securing the Inventory API-
           1. Click the All APIs link at the top left of the API editor to return to list of APIs.
           2. Click the inventory link.
              The inventory API will open in the API Editor, where we can make the necessary
              configuration changes. Over the next several steps you will set this API up to use
              the OAuth provider just created.
           3. Click on the trashcan icon for the x-any Definition to remove it. Confirm the removal
              by clicking OK button in the prompt.
           4. Navigate to the Base Path section.
              Change the base path from /api to /inventory
           5. Navigate to the Host section of the API. Remove the $(catalog.host) value.
              As with the OAuth API Provider we just created, we want this value to remain empty.
           6. Navigate to the Security Definition section
              Click the +icon in the Security Definitions section and select OAuth from the menu.
              A new security definition is created for you called oauth-1(OAuth)
           7. Scroll down to edit the newly created security definition.
   Set it to have the following properties:
                 a. Name: oauth
                 b. Description: Resource Owner Password Grant Type
                 c. Flow: Password
                 d. Token URL: https://api.think.ibm/sales/ab/oauth20/token
8. Click the + icon in the Scopes section to create a new scope. Set the following
   properties:
                 a. Scope name : inventory
                 b. Description: Access to all inventory resources
9. Navigate to the Security section and check the oauth (OAuth) checkbox.
            Now that the API is secured using our OAuth provider, we can define how
            the API should behave when called. In the next two sections, we will
            configure the inventory API to call our inventory application which was
            published at the end of this tutorial.
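The Password flow configured above, as an added example that is not part of the course material: the client builds the token request for the Token URL and inventory scope set in the security definition, and a constructed check mirrors what the provider settings allow (Password grant only, the inventory scope only, client credentials required). Sending the client ID and secret in an HTTP Basic header (RFC 6749, section 2.3.1) and all function names are assumptions; no network call is made.

```javascript
// Provider settings taken from the steps on this page.
const provider = {
  tokenUrl: 'https://api.think.ibm/sales/ab/oauth20/token',
  grants: ['password'],   // Implicit, Application and Access Code were deselected
  scopes: ['inventory'],  // scope2 and scope3 were deleted
};

// Client side: token request for the Resource Owner Password Credentials grant
// (RFC 6749, section 4.3.2). The user's password travels in the form body.
function buildTokenRequest(client, user, scope) {
  const form = new URLSearchParams({
    grant_type: 'password',
    username: user.name,
    password: user.password,
    scope: scope,
  });
  const pair = encodeURIComponent(client.id) + ':' + encodeURIComponent(client.secret);
  return {
    method: 'POST',
    url: provider.tokenUrl,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: 'Basic ' + Buffer.from(pair).toString('base64'),
    },
    body: form.toString(),
  };
}

// Provider side (constructed stand-in, not the gateway's code): the checks implied
// by the settings above, answering with RFC 6749 section 5.2 error codes.
function checkTokenRequest(req) {
  if (req.method !== 'POST' || req.url !== provider.tokenUrl) {
    return { ok: false, error: 'invalid_request' };
  }
  const form = new URLSearchParams(req.body);
  if (!form.get('grant_type')) return { ok: false, error: 'invalid_request' };
  if (!provider.grants.includes(form.get('grant_type'))) {
    return { ok: false, error: 'unsupported_grant_type' };
  }
  // Confidential client type: client credentials must accompany the request.
  if (!/^Basic [A-Za-z0-9+/]+=*$/.test(req.headers.Authorization || '')) {
    return { ok: false, error: 'invalid_client' };
  }
  if (!form.get('username') || !form.get('password')) {
    return { ok: false, error: 'invalid_request' };
  }
  const asked = (form.get('scope') || '').split(' ').filter(Boolean);
  if (asked.length === 0 || !asked.every((s) => provider.scopes.includes(s))) {
    return { ok: false, error: 'invalid_scope' };
  }
  return { ok: true, scope: asked.join(' ') };
}

// Constructed sample values; none of these are real credentials.
function demo() {
  const client = { id: 'constructed-client-id', secret: 'constructed-secret' };
  const user = { name: 'alice', password: 'constructed pass&word' };
  const good = buildTokenRequest(client, user, 'inventory');
  const wideScope = buildTokenRequest(client, user, 'inventory admin');
  const otherGrant = Object.assign({}, good, {
    body: 'grant_type=client_credentials&scope=inventory',
  });
  const noClient = Object.assign({}, good, { headers: {} });
  return [good, wideScope, otherGrant, noClient].map(checkTokenRequest);
}

console.log(demo());
```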