Separate API Endpoints

Version 23.4.8839


Separate API Endpoints

Version 23.4.8839


By default, CData Arc hosts the Administration Console (where administrators create and manage flows) and the public receiving endpoints on the same network port. To enhance security, you might want to separate the console from the public endpoints so that they are hosted on different ports.

Once the console and endpoints are separated, external partners that connect to Arc public endpoints cannot access the Administration Console even if they acquire the login credentials. (The default configuration protects the console behind a username/login combination).

Overview

Separating the console from the public endpoints requires explicitly configuring a second web application that consists of only the resources required to host public receiving endpoints. After this additional configuration, Arc uses two ports: one for the full (console) application, and one for the endpoint-only application.

This topic describes configuring the endpoint-only application. To configure the full application, see the standard web-configuration process that is described in the Installation and Configuration topics.

Restrictions

There are two requirements for separating the Arc console and public endpoints:

  • Hosting Arc public endpoints via an external server (Microsoft Internet Information Services [IIS], Eclipse Jetty, Apache Tomcat, and so on)
  • Configuring an enterprise application database (MySQL, SQL Server, PostgreSQL)

The following sections provide more details about these requirements.

.NET Edition

Setting Up the Endpoint-Only Application

If you use the .NET edition, you must use IIS to host the public receiving endpoints. You can still use the embedded web server to host the full (console) application that is not exposed to the public.

The .NET edition includes a www_services folder that contains the web configuration data required to host an endpoint-only application. When IIS is directed to this folder, the Arc public endpoint is accessible through IIS, without exposing the Administration Console. Further configuration of ports, SSL, and so on should be accomplished using IIS directly.

Setting Up the Application Directory and Application Database

Separating the public endpoints from the console requires configuring an enterprise database application. The www_services folder includes a web.config file where you configure the application directory and application database connections. When you configure a separate installation for the services endpoint and administration console, CData strongly recommends that both configurations point to the same application directory and database. For details about these configurations, see Configuring the Application Directory and Configuring the Application Database.

Note: The www_services folder is separate from the www folder, which hosts the full (console) application. The configuration of the www_services\web.config file should match the configuration of the file with the same name in the www folder. CData recommends that you manually update the \www_services\web.config file instead of copying the web.config file from the www folder because there is web configuration related to the user interface that is not needed in the services endpoint.

Java Edition

Setting Up the Endpoint-Only Application

For Java installations, you must use an external Java servlet (Jetty or Tomcat) to host the public receiving endpoints. You can still use the embedded web server to host the full (console) application that is not exposed to the public.

The Java edition includes a services.war file that should be used when you separate the endpoints from the console. Deploy this services.war file by using an external Java servlet to create the endpoint-only web application. Further configuration of ports, SSL, etc for this endpoint-only application should be accomplished using the XML configuration files for the external Java servlet.

Setting Up the Application Database

Separating the public endpoints from the console requires configuring an enterprise database application. For details about configuring the enterprise application database, see Configuring the Application Database.