Separate API Endpoints

Version 22.0.8473


Separate API Endpoints

Version 22.0.8473


By default, CData Arc hosts the Administration Console (where administrators create and manage flows) and the public receiving endpoints on the same network port. To enhance security, you might want to separate the console from the public endpoints such that they are hosted on different ports.

Once the console and endpoints are separated, external partners that connect to Arc public endpoints cannot access the Administration Console even if they acquire the login credentials. (The default configuration protects the console behind a username/login combination).

Overview

Separating the console from the public endpoints requires explicitly configuring a second web application that consists only of the resources that are required to host public receiving endpoints. After this additional configuration, Arc uses two ports: one for the full (console) application, and one for the endpoint-only application.

You should use this page to configure the endpoint-only application. To configure the full application, see the standard web-configuration process that is described in the documentation.

Restrictions

There are two requirements for separating the Arc console and public endpoints:

  • Hosting Arc public endpoints via an external server (Microsoft Internet Information Services [IIS], Eclipse Jetty, Apache Tomcat, and so on)
  • Configuring an enterprise application database (MySQL, SQL Server, PostgreSQL)

The following sections provide more details about these requirements.

Windows Edition

Setting Up the Endpoint-Only Application

For Microsoft Windows installations, you must use IIS to host the public receiving endpoints. You can still use the embedded web server to host the full (console) application that is not exposed to the public.

The Windows edition includes a www_services folder that contains the web configuration data that is required to host an endpoint-only application. When IIS is directed to this folder, the Arc public endpoint is accessible through IIS, without exposing the Administration Console. Further configuration of ports, SSL, and so on should be accomplished via IIS directly.

Note that this www_services folder is separate from the www folder, which hosts the full (console) application.

Setting Up the Application Database

Separating the public endpoints from the console requires configuring an enterprise database application. For details about configuring the enterprise application database, see Configure the Application Database on the Windows page.

Java Edition

Setting Up the Endpoint-Only Application

For Java installations, you must use an external Java servlet (Jetty or Tomcat) to host the public receiving endpoints. You can still use the embedded web server to host the full (console) application that is not exposed to the public.

The Java edition includes a services.war file that should be used when you separate the endpoints from the console. Deploy this services.war file by using an external Java servlet to create the endpoint-only web application. Further configuration of ports, SSL, etc for this endpoint-only application should be accomplished using the XML configuration files for the external Java servlet.

Setting Up the Application Database

Separating the public endpoints from the console requires configuring an enterprise database application. For details about configuring the enterprise application database, see Configure the Application Database on the Java page.