APIIDA API Gateway Manager

Advisor

The Advisor continuously monitors and analyses your Layer7 API Gateways and helps you stay secure and adhere to the latest best practices.

If you change the environment of a node, please run the checks again to refresh any outdated advices.

Acting on Advices

All advices can be viewed through the “Advisor” link in the left-hand menu.

If you want to be proactively informed about new advices, check out the automation documentation. You can configure many automations that are executed whenever an advice is created. These range from sending a simple email to the admin to more complex scenarios such as creating a related Jira issue. Most integrations offer to bring over the actions, so that you can act on advices right from Jira, for example.

Run Checks

To get a valid result, please make sure that all imported resources are up to date. If they are not, you can update them via "Resources" -> "Reload Resources" -> "Reload Resources from all Gateways".

To get a better overview, you can filter all advices by environments and nodes.

Suppressing Advices

If you think that an advice is a false positive, you can suppress it. A suppressed advice is not raised again until you end the suppression. To suppress an advice, click the corresponding button in the action drop-down.

Types of Advices

Expiring Private Keys

Whenever the Advisor detects that one of a gateway’s private keys is about to expire, it creates an advice. Expiring private keys have the potential to cause serious issues in production when API consumers stop calling your APIs because they cannot establish a trusted and secure connection to your gateway.

Expiring Trusted Certificates

Like private keys, expiring trusted certificates have the potential to bring down production, be it because backend systems can no longer be called or because authentication tokens can no longer be signed.

Missing Resources Within the Same Environment

With the trend to decluster environments, it is crucial that all the needed resources are present on all gateways of an environment. Whenever a new resource is detected that is missing on other gateways within the same environment, this recommendation is created. It is aware of ongoing migrations (when conducted via the API Gateway Manager), so that it does not create false positives during migration runs.

Differing Resources Within the Same Environment

Similar to the missing resources recommendation, this one compares the content of the resources. Changing information such as version numbers or IDs is removed before the comparison. This makes it easy to spot differences within your environment that lead to bugs or, even worse, different behaviour depending on which gateway processes a request. These are probably the bugs that are hardest to find, especially with a lot of gateways in an environment.
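
The two checks above (missing and differing resources) can be illustrated with the following added example. It is not the API Gateway Manager's own code; the field names in VOLATILE_FIELDS, the resource layout and the sample gateways are assumptions constructed for illustration.

```python
import hashlib
import json

# Assumption: per-gateway fields that change without changing behaviour.
VOLATILE_FIELDS = {"id", "version"}

def normalize(value):
    """Recursively drop volatile fields so only meaningful content is compared."""
    if isinstance(value, dict):
        return {k: normalize(v) for k, v in value.items() if k not in VOLATILE_FIELDS}
    if isinstance(value, list):
        return [normalize(v) for v in value]
    return value

def fingerprint(resource):
    """Hash a canonical JSON form of the normalized resource."""
    canonical = json.dumps(normalize(resource), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def compare_environment(gateways):
    """gateways maps gateway name -> {resource name: resource dict}.
    Returns (missing, differing): resources absent on some gateways, and
    resources whose normalized content is not identical everywhere."""
    all_names = set().union(*(res.keys() for res in gateways.values()))
    missing, differing = {}, {}
    for name in sorted(all_names):
        absent = sorted(g for g, res in gateways.items() if name not in res)
        if absent:
            missing[name] = absent
        groups = {}  # fingerprint -> gateways holding that variant
        for gw, res in gateways.items():
            if name in res:
                groups.setdefault(fingerprint(res[name]), []).append(gw)
        if len(groups) > 1:
            differing[name] = sorted(sorted(v) for v in groups.values())
    return missing, differing

# Constructed sample environment with three gateways.
SAMPLE = {
    "gw-1": {"policy/rate-limit": {"id": "a1", "version": 3, "limit": 100},
             "policy/auth": {"id": "b1", "version": 1, "require_tls": True}},
    "gw-2": {"policy/rate-limit": {"id": "a2", "version": 7, "limit": 100},
             "policy/auth": {"id": "b2", "version": 1, "require_tls": False}},
    "gw-3": {"policy/rate-limit": {"id": "a3", "version": 3, "limit": 100}},
}

if __name__ == "__main__":
    missing, differing = compare_environment(SAMPLE)
    print("missing:", missing)
    print("differing:", differing)
```

In the sample, the rate-limit policy is reported as neither missing nor differing although its IDs and versions vary, while the auth policy is flagged by both checks.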

Insecure Listening Ports

This advice warns you about listen ports that do not use SSL/TLS to establish a secure and encrypted connection. Allowing only TLS-enabled traffic is considered a best practice and conforms to the Zero Trust mindset.