Serving HTTPS requests from InterSystems API Management

Article

Eduard Lebedyuk · Nov 22, 2019 1m read

This quick guide shows how to serve HTTPS requests with InterSystems API Management. Advantage here is that you have your certs on one separated server and you don't need to configure each backend web-server separately.

Here's how:

1. Buy the domain name.

2. Adjust DNS records from your domain to the IAM IP address.

3. Generate HTTPS certificate and private key. I use Let's Encrypt - it's free.

4. Start IAM if you didn't already.

5. Send this request to IAM:

POST http://host:8001/certificates/
{
    "cert": "-----BEGIN CERTIFICATE-----...",
    "key": "-----BEGIN PRIVATE KEY-----...",
    "snis": [
        "host"
    ]
}

Note: replace newlines in cert and key with \n.

You'll get a response, save id value from it.

6. Go to your IAM workspace, open SNIs, create new SNI with the name - your host and ssl_certificate_id - id from the previous step.

7. Update your routes to use https protocol (leave only https to force secure connection, or specify http, https to allow both protocols)

8. Test HTTPS requests by sending them to https://host:8443/<your route> - that's where IAM listens for HTTPS connections by default.

Alexey Maslov · Nov 22, 2019

Eduard, thank you for a very good webinar.

You mentioned that IAM can be helpful even if there is "service-mix": some services are IRIS based, others - not. How can IAM help with non-IRIS services? Can any Target Object be non-IRIS base?

0 0

Eduard Lebedyuk · Nov 22, 2019

Can any Target Object be non-IRIS base?

Absolutely. The services you offer via IAM can be sourced anywhere. Both from InterSystems IRIS and not.

How can IAM help with non-IRIS services?

All the benefits you get from using IAM (ease of administration, control, analytics) are available for both InterSystems IRIS-based and non InterSystems IRIS-based services