APIIDA API Gateway Manager
Advisor
The Advisor continuously monitors and analyses your Layer7 API Gateways and helps you stay secure and adhere to the latest best practices.
If you change the environment of a node, please run the checks again to refresh any outdated advices.
Acting on Advices
All advices can be viewed through the “Advisor” link in the left-hand menu.
If you want to be proactively informed about new advices, check out the automation documentation. You can configure many automations that are executed whenever an advice is created. These range from sending a simple email to the admin to more complex scenarios such as creating a related Jira issue. Most integrations offer to bring over the actions, so that you can act on advices right from Jira, for example.
Run Checks
To get a valid result, please make sure that all imported resources are up to date. If they are not, you can update them via "Resources" -> "Reload Resources" -> "Reload Resources from all Gateways".
Search
To get a better overview, you can filter all advices by environments and nodes.
Suppressing Advices
If you think that an advice is a false positive, you can suppress it. It will then not be raised again until you end the suppression. To do this, click the corresponding button in the action drop-down.
Types of Advices
Expiring Private Keys
Whenever the Advisor detects that one of a gateway’s private keys is about to expire, it creates an advice. Expiring private keys have the potential to cause serious issues in production when API consumers stop calling your APIs because they cannot establish a trusted and secure connection to your gateway.
Expiring Trusted Certificates
Like private keys, expiring trusted certificates have the potential to bring down production, be it because backend systems can’t be called anymore or because authentication tokens cannot be signed.
Missing Resources Within the Same Environment
With the trend to decluster environments, it is crucial that all the needed resources are present on all gateways of an environment. Whenever a new resource is detected that is missing on other gateways within the same environment, this advice is created. The check is aware of ongoing migrations (when conducted via the API Gateway Manager), so it does not create false positives during migration runs.
Differing Resources Within the Same Environment
Similar to the missing resources advice, this one compares the content of the resources. Changing information such as version numbers or IDs is removed before the comparison. This makes it easy to spot differences within your environment that lead to bugs or, even worse, to different behaviour depending on which gateway processes a request. These are probably the hardest bugs to find, especially with a lot of gateways in an environment.
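The following added example (not APIIDA's implementation) sketches how the missing-resource and differing-resource checks described above can work: volatile fields are dropped, the remainder is fingerprinted, and fingerprints are compared across the gateways of one environment. The field names in `VOLATILE_KEYS`, the resource layout and the gateway names are assumptions made for illustration.

```python
import hashlib
import json

# Assumption: fields that legitimately differ per gateway and are ignored.
VOLATILE_KEYS = {"id", "version", "guid"}

def normalize(value):
    """Recursively drop volatile keys so only meaningful content remains."""
    if isinstance(value, dict):
        return {k: normalize(v) for k, v in value.items() if k not in VOLATILE_KEYS}
    if isinstance(value, list):
        return [normalize(v) for v in value]
    return value

def fingerprint(resource):
    """Stable SHA-256 over the normalized resource (sorted keys, no whitespace)."""
    canonical = json.dumps(normalize(resource), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def compare_environment(gateways):
    """gateways: {gateway_name: {resource_name: resource_dict}}.
    Returns (missing, differing):
      missing   -> {resource_name: sorted gateways lacking it}
      differing -> {resource_name: {fingerprint: gateways}} when more than one variant exists
    """
    all_names = set().union(*(res.keys() for res in gateways.values()))
    missing, differing = {}, {}
    for name in sorted(all_names):
        absent = sorted(gw for gw, res in gateways.items() if name not in res)
        if absent:
            missing[name] = absent
        variants = {}
        for gw, res in gateways.items():
            if name in res:
                variants.setdefault(fingerprint(res[name]), []).append(gw)
        if len(variants) > 1:
            differing[name] = {fp: sorted(gws) for fp, gws in variants.items()}
    return missing, differing

# Constructed sample environment with three gateways.
SAMPLE = {
    "gw-1": {"orders-api": {"id": "a1", "version": 3, "policy": {"tls": True, "rate": 100}},
             "jwt-key": {"id": "k1", "alias": "jwt"}},
    "gw-2": {"orders-api": {"id": "b7", "version": 5, "policy": {"tls": True, "rate": 100}},
             "jwt-key": {"id": "k9", "alias": "jwt"}},
    "gw-3": {"orders-api": {"id": "c2", "version": 3, "policy": {"tls": False, "rate": 100}}},
}

if __name__ == "__main__":
    print(compare_environment(SAMPLE))
```

In the sample, `gw-1` and `gw-2` differ only in IDs and version numbers and are treated as identical, while `gw-3` is reported for a disabled TLS flag and a missing key.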
Insecure Listening Ports
This advice warns you about listen ports that do not use SSL/TLS to establish a secure and encrypted connection. Only using secure TLS-enabled traffic is considered a best practice and conforms to the Zero Trust mindset.