Aperio Documentation > API landscape overview > API Bridge

API Bridge

API Bridge is container solution which joins IBM i with HTTP world. It is used to convert HTTP requests into Iptor internal IADF (Iptor API Data Format), then it calls RPG program. The response generated by RPG program is converted back to HTTP response. API Bridge allows to publish RPG backend programs as REST services. API Bridge plays several roles in the API landscape:

HTTP <-> IADF (Iptor API Data Format) interpreter
Authorizes HTTP requests by checking incoming requests with external authentication provider (currenty Keycloak)
Session handling with job pooling. Creates and configures IBM i sessions.
Exposes REST Web Services based on OpenAPI specification. Regardless how many RPG programs exist on IBM i backend, API Bridges exposes only these which are included in OpenAPI specification. See OpenAPI driven API
Additionally, has a built-in mechanism to read RPG program and generate OpenAPI specification for it.

Endpoints

Below is the list of endpoints that are exposed by API Bridge (only summary information provided). For more information, see Core OpenApi specification.

/rpc (legacy)

This group of endpoints are used to communicate within internal infrastructure of Iptor objects (legacy). It is also used by Aperio Client (generated mobile apps).

HTTP method	path	description
POST	/rpc/login	Used to login to IBM i. As response sends back JWT access token and refresh token
POST	/rpc/logout	Used to logout from IBM i. You need to prvide authorization header with Bearer token as value
GET	/rpc/logout	Used to logout from IBM i. You need to prvide authorization header with Bearer token as value
POST	/rpc/refreshtoken	Used to refresh access token. You need to provide authorization header with Bearer refresh token as value
POST	/rpc/service	Common endpoint to call all API requests. As input You need to provide json string with “control” object and “params” object. “control” should contain “method”, and “params” should contain RPG parameters. Example: {“control”:{“method”:“salesOrder.get”}, “params”:{“salesOrder”:12345678}}. Require Authorization header with Bearer token as value
GET	/rpc/getStatus	Gets job status from IBM i. Require Authorization header with Bearer token as value
GET	/rpc/metadata/method	Retrieves detail description of one API method from Aperio. Require Authorization header with Bearer token as value
GET	/rpc/metadata/methods	Retrieves list of API methods from Aperio. Require Authorization header with Bearer token as value

/rpc-oidc

New version of RPC connection prepared to handle token generated by Keycloak. All APIs require Authorization header with Bearer Keycloak token as value. Additionally they require to provide Env-Company as HTTP header. Example: Env-Company=DV.

HTTP method	path	description
DELETE	/rpc-oidc/connections	Delete current connections (IBM i jobs) created for given token and company
POST	/rpc-oidc/service	Common endpoint to call all API requests. As input you need to provide json string with “control” object and “params” object. “control” should contain “method”, and “params” should contain RPG parameters. Example: {“control”:{“method”:“salesOrder.get”}, “params”:{“salesOrder”:12345678}}. Require Authorization header with Bearer Keyclaok token as value. Additionally require to provide Env-Company as HTTP header. Example: Env-Company=DV

/health

This group of endpoints may be used for health check of API Bridge.

HTTP method	path	description
GET	/hello	Simple method to check if API bridge is working
GET	/health/liveness	Gets status of API Bridge. Check if is alive (running)
GET	/health/readiness	Gets status of API Bridge. Checks if API Bridge is alive and ready to serve APIs

/admin

This group of methods are used to maintain API Bridge. They are allowed only for aunthenticated users (Keycloak). Additionally, users must have role “admin”. All endpoints require Authorization header with Bearer token (Keycloak) as value.

HTTP method	path	description
DELETE	/admin/connections	Delete all IBM i connections (jobs)
DELETE	/admin/connections/{company}	Delete all IBM i jobs created for specific company
DELETE	/admin/connections/{company}/{user}	Delete all IBM i jobs created for specific company and user
DELETE	/admin/currentConnection/{company}	Delete curent connection (IBM i jobs) created for specific company and current user associated with Keycloak token
GET	/admin/connections	Gets list of IBM i connections (jobs)
GET	/admin/connections/{company}	Gets list of IBM i connections (jobs) created for given company
GET	/admin/connections/{company}/{user}
GET	/admin/oas/apis/{company}	Generate OpenAPI specification for all APIs (RPG programs) defined as API on given company. Require aperio.gen.config file. See Configuration.
GET	/admin/oas/apis/{company}/{method}	Generate OpenAPI specification for one API method (RPG program) defined on given company.
GET	/admin/oas/files/{name}	Get OpenAPI file generated previously
GET	/admin/oas/reload	Force API Bridge to reload OpenAPI files. Used if an OpenAPI file was changed and we want to load new to API Bridge without restarting API Bridge

/rest

This group of endpoints are exposing API according to OpenAPI specification. For details how the path is constructed see Rest endpoints construction mechanism.

/rest-alt

Alternative REST path where API version is passed via header (API-Version). The construction of path is similar to the one described here but without version in the path.

Configuration

Full confoguration description you can find also here

The following environmant variables are used to configure API Bridge:

Env Variable	Example Value	Descripton
APERIO_API_CONFIG (or aperio.api.congif)	api/config/dc1_12.json	Provide path to configuration file. If not provided the default configuration is used. The default configuration is taken from file: /usr/local/tomcat/webapps/api/config/config.json. Detail description of configuration file see bellow…
APERIO_SERVICE_USER_NAME	SRVUSR	Provide service IBM i user name. This is a special user profile which is used to create jobs on behalf of “real” users.
APERIO_SERVICE_USER_PASSWORD	myVerryWellSecuredPassword	Provide password for the service user
APERIO_DEFAULT_USER_NAME (or aperio.default.user.name)	APERIO	Provide default user name
APERIO_DEFAULT_USER_PASSWORD (or aperio.default.user.password)	myPassword	password for the default user
APERIO_JWT_KEY	abc45678901234567890123456789012	32 char long unique text which is used to encode API Brdige access tokens
HOSTNAME	myHostName	Test value which can be used to identify pod. If not provided then OpenShift pod name is used instead. This is only technical variable used to list active jobs on IBM i. To get list of active jobs you need to call API /api/connections. Valid access token must be provided in HTTP header.
APERIO_REQ_INCLUDE_METHOD	false	Indicates if API method is required to be sent to Aperio Backend (IBM i). true means API method will be sent in the request’s json (older Aperio backend version). false means that only RPG program will be sent in the request’s json.
QUARKUS_LOG_CATEGORY__COM_IPTOR__LEVEL	INFO	Log level for API Bridge messages. Possible values: “OFF”,“SEVERE”,“ERROR”,“FATAL”,“WARNING”,“WARN”,“INFO”,“DEBUG”,“TRACE”,“CONFIG”,“FINE”,“FINER”,“FINEST”,“ALL”
QUARKUS_OIDC_AUTH_SERVER_URL	http://dkdcvs134.ibs.net:18080/auth/realms/Iptorcom	URL to OIDC authentication server

The configuration file is a simple json file which contains pairs of variable:value. Some of the parameters from config file can be provided as environment variables. In this case the highest priority has the environment variable value. If not provided, then the confg file value is taken.

Note: The configuration file consists of some elements that belong to DC1 environment and some are related to API bridge sessings.

Example of config file:

{
        "environment": {
                "libraryList":"A120ENV,DEV121AS,DEV121AP,A120AP,IAF100AP",
                "serviceProgram": "IAFS0001",
                "initMethod": "environment.init",
                "parameters": {
                        "environmentBaseLibrary":"A120ENV",
                        "environmentId":"DEV121A"
                }
        },
        "serverTLS":false,
        "defaultUserId":"",
        "defaultUserPassword":null,
        "serviceUserId":"aperio_srv",
        "serviceUserPassword":"",
        "jobCCSID":0,
        "serverAddress":"smibsrd0.ibs.net",
        "maxJobsPerConnection":50,
        "openAPIConfigs":[
                {
                        "pathSuffix": "base",
                        "oasFiles": ["http://dkdcvs134.ibs.net:779/doc/v1/iptor-erp-api.json"]
                },
                {
                        "pathSuffix": "base-test",
                        "oasFiles": ["api/config/api/aperioTest.json"]
                }
        ],
        "environmentSelectionForm": "",
        "jwtKey": "abc45678901234567890123456789012",
        "tokenTimeout" : 36000,
        "refreshTokenTimeout" : 604800,
        "aperio.gen.config": "/api/config/api/generator.json"
}

Variable	Type	Example value	Description
environment	Object	{….}	Object gouping all DC1 environment settings
environment.libraryList	Text coma separated	“A120ENV,DEM120XS,A120AP,IAF100AP”	Initial library list for job created by service user
environment.serviceProgram	Text	“IAFS0001”	Aperio backend service program. Typically it is IAFS0001
environment.initMethod	Text	“environment.init”	The API (method) name which is used to initialize DC1 environment. Typically it is “environment.init”
environment.parameters	Object	{…}	Objects which groups parameters required by initMethod
environment.parameters.environmentLibrary	Text	“A120ENV”	DC1 Environment library
environment.parameters.environmentId	Text	“DEV121A”	DC1 Environment name
serverTLS	Boolean	false	Indicate if TLS is used to communicate to IBM i
defaultUserId	Text	“aperio”	Depreciated. IBM i user ID which will be used to handle REST APIs when no access token provided. It may be ised for open connections (no login required) - so use with caution. Equivalent environment variable: aperio.default.user.name
defaultUserPassword	Text	“password”	Depreciated. The password for default user ID (see above). Equivalent environment variable: aperio.default.user.password
serviceUserId	Text	“aperio_srv”	Service user id. This is special user profile which is used to create jobs on behalf of “real” users. This parameter can be provided also as environment variable.
serviceUserPassword	Text	“myPasswrod”	Password for service used id. This parameter can be provided also as environment variable.
jobCCSID	Number	0	Provide default IBM i job CCSID. If zero then 37 is used as default
serverAddress	Text	“10.205.10.143”	IBM i address
maxJobsPerConnection	Number	1	The maximum size for the job pool. The pool is assigned to each user-environment connection. Use value higher than 1 only if you expect concurrent calls for the same user-environment (typical UI client sends one at a time). It depends on the performance of the IBMi but usually there is no need to set it higher than 30 as too many busy parallel jobs decreases the backend response.
openAPIConfigs	JSON Array	[{…},{…},…]	List of objects representing paths to OpenAPI specifications
openAPIConfigs.pathSuffix	text	“base”	URL suffix for APIs exposed from OpenAPI specification
openAPIConfigs.oasFiles	Array of strings	[“http://dkdcvs134.ibs.net:779/doc/v1/iptor-erp-api.json”, “api/config/api.text.json”]	Array of paths/urls of OpenAPI specifications which will be injected to API bridge. API Bridge will expose APIs from OpenAPI json under specified URL suffix. Only JSON file format is supported. Here you can find more details how the rest URL is constructed.
“environmentSelectionForm”	Text	""	NOT USED in IPTOR
“jwtKey”	Text exact 32 characters	“abc45678901234567890123456789012”	32 char long base unique text which is used to encode API Bridge access tokens. This parameter can be provided also as environment variable.
“tokenTimeout”	Number	3600	API Bridge access token timeout
“refreshTokenTimeout”	Number	604800	API Bridge refresh token timeout
“aperio.gen.config”	Text	“/api/config/api/generator.json”	Restricted for Iptor PD internal use. This configuration allows Iptor to set up generation profile when OpenAPI specification is generated based on IBM i metadata.

It is reccomended to use configMaps to inject environment variables to containers (direct valurd or as JSON file). For user and password the best practice is to use secrets.

REST endpoints construction mechanism

Generally API Bridge exposes REST APIs from “rest” endpoint, but a number of elements are added to the path based on OpenAPI specification. The following pattern is used to construct REST API endpoints:

{server}:{port}/rest/{pathSuffix}/{version}/{pathsFromOpenApi}

where: pathSuffix - provided in config file connected to OpenAPI specification version - taken from OpenAPI specification - the major element of “version” value.

Example: Let assume following config.

{
    "openAPIConfigs":[
        {
                "pathSuffix":"base",
                "oasFiles":["myfile.json"]
        }
    ]

}

Then myFile.json contains following entry:

{
  "openapi" : "3.0.0",
  "info" : {
    "version" : "1.2.3",
    "title" : "Example OpenAPI spec",
  },
  "paths" : {
    "/areas" : {
        ...
}

then the elements will get following values: pathSuffix = “base” version = “1”

The URL will be as follows: http://dkdcvs134.ibs.net:8080/rest/base/1/areas