IBM API Connect for wizard¶
The Wallarm Edge node can be connected to your IBM DataPower in synchronous mode to inspect traffic before it reaches the managed APIs - without blocking any requests.
Follow the steps below to set up the connection.
Apply the Wallarm policies to APIs in IBM API Connect
-
Download the provided code bundle for your platform.
-
Register the request inspection policy:
-
Register the response inspection policy:
In most cases, the configured-gateway-service name is datapower-api-gateway.
Integrate Wallarm inspection steps into the assembly pipeline
In your API specification, within the x-ibm-configuration.assembly.execute section, add or update the following steps to route traffic through the Wallarm Node:
-
Before the
invokestep, add thewallarm_prestep to proxy incoming requests to the Wallarm Node. -
Ensure that the
invokestep is configured as follows:- The
target-urlshould follow the format$(target-url)$(request.path)?$(request.query-string). This ensures that requests are proxied to the original backend path along with any query parameters. header-controlandparameter-controlallow all headers and parameters to pass through. This enables the Wallarm Node to analyze the full request, detect attacks in any part of it, and accurately build the API inventory.
- The
-
After the
invokestep, add thewallarm_poststep to proxy responses to the Wallarm Node for inspection.
...
x-ibm-configuration:
properties:
target-url:
value: <BACKEND_ADDRESS>
...
assembly:
execute:
- wallarm_pre:
version: 1.0.1
title: wallarm_pre
wallarmNodeAddress: <WALLARM_NODE_URL>
- invoke:
title: invoke
version: 2.0.0
verb: keep
target-url: $(target-url)$(request.path)?$(request.query-string)
persistent-connection: true
- wallarm_post:
version: 1.0.1
title: wallarm_post
wallarmNodeAddress: <WALLARM_NODE_URL>
...
Publish your product with the updated API
To apply changes to the traffic flow, re-publish the product that includes the modified API: