Layer7 API Management

  • 1.  Handling Cookies in Layer 7

    Posted Oct 26, 2015 12:06 PM

    Hi,

     

    I am calling a 3rd party service using Layer 7.

     

    USE CASE 1:

     

    Consider my Request Information is like this,


    Layer 7 Request URL : http://l7host.com/addtocart

    Method : POST


    Internally Calling Request URL: "http://www.some.com/addtocart"

    Method: POST


    After the successful addtocart, the internal service returns cookies.


    Questions:


    1. How can I pass those cookies to the client?

    2.  Do I need to parse those cookies manually and set them for the client?

    3.  If 2 is doable, is it feasible?


    USE CASE 2:


    Consider my Request Information is like this,


    Layer 7 Request URL : http://l7host.com/addtocart

    Method : POST


    INTERNAL SERVICE 1 :Internally Calling Request URL: "http://www.some.com/addtocart"

    Method: POST


    INTERNAL SERVICE 2: Redirection Endpoint : "http://www.some.com/addtocart-redirect-success"

    Method : GET


    After a successful transaction (internal service-1), the internal service redirects to another endpoint (Redirection Endpoint)(internal service-2),

    that endpoint requires the cookies set by the (internal service-1).


    Questions:


    1. How can I pass through all cookies for all subsequent requests?

    2. Do I need to manually handle the cookies and pass them to the subsequent calls?



    Further,


    1.  What is the best practice for handling cookies in layer 7?

    2.  Are there any configuration options that need to be turned on?




  • 2.  Re: Handling Cookies in Layer 7

    Posted Oct 26, 2015 01:16 PM

    Hello,

     

    You can manipulate cookies in the APIM Gateway.

    Essentially the transfer of Cookies happens via the Cookie and Set-Cookie header. So by manipulating those headers you can access the request's and response's cookies.

    Also, the Gateway supports the following two assertions for handling cookies:

    - Require HTTP Cookie: Require HTTP Cookie Assertion - CA API Gateway - 8.3 - CA Technologies Documentation

    - Manage Cookie: Manage Cookie Assertion - CA API Gateway - 8.3 - CA Technologies Documentation

     

    Also, you can control which headers are passed from the backend to the client via the Headers tab of the "Route via HTTP(S)" properties menu.

    You can find more information here: Route via HTTP(S) Assertion - CA API Gateway - 8.3 - CA Technologies Documentation

     

    Those two assertions should also help you implement your use cases. If you need any further help please do not hesitate to ask.

     

    Kind regards,

    George Kaniouris



  • 3.  Re: Handling Cookies in Layer 7

    Posted Oct 27, 2015 02:30 AM

    Hi @kange05

     

    Thanks for the reply. So my understanding was layer 7 will automatically pass the cookies sent by the client to the 3rd party service, and once again pass through the cookies returned by the 3rd party services to the client.

     

    "There should be no manual handling of Cookies"?

     

    Consider I am orchestrating a list of services using APIM,

     

    Service 1 - A

    Service 2 - B

    Service 3 - C

     

    Now the Service-2 (B) needs the cookies of Service-1 (A) and Service-3 (C) needs merged cookies of Service-1(A) and Service-2(B).

     

    1. Will Layer 7 do this automatically?

    2. Do I need to capture the cookies and manually merge the cookies and pass them to the respective service?

    3. If 2 is doable, how to handle duplicates of cookies?



  • 4.  Re: Handling Cookies in Layer 7
    Best Answer

    Posted Oct 27, 2015 08:17 AM

    I do not think that the Gateway will do something like that automatically. You will have to do some manual work in policy in order to implement your use-case.

    One way you might be able to do it is the following:

    - Receive the cookies from A.

    - Extract them from the Set-Cookie header by using the "Require Cookie" assertion, and keep them in context variables for future use.

    - Use the "Manage Cookie" assertion to add them to the request to B.

    - Receive the cookies from B and extract them using the "Require Cookie" assertion.

    - Use the cookies from B and A through the "Manage Cookie" assertion to add them to the request to C.

    - Send the request to C.

     

    This is a high level description of how I would try to implement such a scenario. I have not actually implemented it so I might be missing details that will pop up during implementation.

    Also, I do not have a working example of this implementation.

     

    If you hit any dead ends during your implementation, or you need any further information then do not hesitate to ask.
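
The A, B, C flow from the best answer above, modelled in plain Python as an added example; it is not part of the thread and is not Gateway policy. The cookie names and values are constructed, and "the later response wins" for duplicate names is an assumption, since the thread does not settle that question.

```python
def parse_set_cookie(header):
    """Return (name, value) from one Set-Cookie header value, or None.

    Only the leading name=value pair is kept. Attributes such as Path,
    Domain, Max-Age, Secure and HttpOnly are instructions to the client
    and are not sent back in a Cookie request header (RFC 6265).
    """
    pair = header.split(";", 1)[0]
    if "=" not in pair:
        return None
    name, value = pair.split("=", 1)
    name, value = name.strip(), value.strip()
    return (name, value) if name else None


def merge_cookies(*responses):
    """Merge the Set-Cookie lists of several responses, in call order.

    Assumption: on a duplicate name the later response replaces the
    earlier one. Expiry and deletion (Max-Age=0) are not modelled.
    """
    jar = {}
    for set_cookie_headers in responses:
        for header in set_cookie_headers:
            parsed = parse_set_cookie(header)
            if parsed is None:
                continue  # malformed header: nothing to forward
            name, value = parsed
            jar.pop(name, None)  # re-insert so order follows the latest set
            jar[name] = value
    return jar


def cookie_header(jar):
    """Serialize the jar as a single Cookie request header value."""
    return "; ".join(f"{name}={value}" for name, value in jar.items())


# Constructed sample responses (hypothetical cookie names and values).
FROM_A = ["JSESSIONID=a1b2c3; Path=/; HttpOnly", "cart=17; Path=/addtocart"]
FROM_B = ["cart=18; Path=/addtocart; Secure", "promo=FALL; Max-Age=3600"]

if __name__ == "__main__":
    print("Cookie for B:", cookie_header(merge_cookies(FROM_A)))
    print("Cookie for C:", cookie_header(merge_cookies(FROM_A, FROM_B)))
```

Keeping only the name=value pair also keeps backend-specific attributes (Domain, Path) out of the request to the next service; if those cookies are later returned to the client, the attributes have to be set deliberately for the Gateway's own host.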