AMPLIFY API MANAGEMENT

Error management

#axway
Welcome To Our Presentation
Error management

Our Goals • Understand what is provided out of the box

• Manage properly the error in a policy
• Understand how to leverage alerts and SLA
• Configure policy audit trail properly

2
Welcome To Our Presentation
Error management

Agenda Out of the box features

Policy and error management

Alerts

Audit trail

3
Out of the box features

4
Out of the box features
• There are lots of features provided
for monitoring and error detections
• No or little configuration
required

• They are provided by default with API

Manager

• You can add simple configuration in

policies to leverage it

5
Monitoring: API Gateway Manager
• 3 possible transaction and status
• Passed
• Blocked
• Exception

• Summary is available in "Dashboard"

• Transaction list is available in "Traffic"

6
Troubleshoot: API Gateway Manager
• All transactions detail available for
troubleshooting

• Log level can be modified dynamically,

on the listener part

7
Logging: API Gateway Manager/ File system
• Multiple aspects of logging provided
• Domain Audit:
domain changes (i.e. infrastructure)
• Transaction Audit Log:
transaction audit trail (i.e. processing)
• Transaction Access log:
summary of the HTTP request/response
• Transaction Event log:
detailed transaction information, used by 3rd party
• Open logging:
detailed information, similar to traffic monitor
• Traces:
instances low level traces

• Detailed in Administration course

8
Operational intelligence: Embedded Analytics
• Detect error in real time using
Embedded Analytics dashboards

• Different dashboards, for different

users (ie company roles)

9
Get service and subject from policy
• In Traffic transaction list, there are
"Service" and "Subject" columns

• This is set OOTB by API Manager

• Use "Set Service context" filter to set

it in a policy

10
Set correct information to Embedded Analytics with policy
• Execute tasks described here
• Service context
• soap.request.method attribute
• ADI route configuration

• Otherwise, event will be marked as

"uncategorized”

11
Policy and error
management

12
Reminder: Policy Edition and Design
• Policies are composed of filters
• Policies can also be referenced as “circuit”

• Filters are added by drag and drop from right panel

(Filter palette)

• Policies can be dragged & dropped too (shortcut)

• Very efficient for reusability

• Each filter has 3 possible outputs

• Green: success
• Red: failure
• Implicitly, exception path
• Cached by Fault Handlers

• Note: for some filters, green and red mean in fact

true and false
13
Reminder: Start-End Markers
• The first element of a circuit must have a
starting filter
• Right-click on the first filter to “Set as
Start”
• Filters not linked to start are greyed

• “End” tag show that a filter can be the last

in circuit execution

• “Start/End” combines “Start” and “End”

tags

14
Simple example: virtualization
• To be very clear, let's take a simple
virtualization example
• "Connect to URL" to a backend
service
• Policy exposed on HTTP
"/myapi"

15
Implicit output

Equivalent to

Remember there is the Exception path too, never shown.

Available output and End

End, because not all paths defined No end, because all paths defined

Notice some filters have only part

of the outputs
16
Path and monitoring

Following outputs

Have following
status

17
Error handler
• Error handler is a catcher for
"Failure" path and "Exception" path
• If a step finish "Failure" or
"Exception'

• Drag & drop an a policy, linked to

nothing

• Right-click set as fault handler

• This is a standard policy

• No restrictions
18
 Path and shortcut
Shortcut can "End", since
"Failure" path is not covered

Mechanism is recursive

"Fail" without triggering handler Send exception

Use "Set Response Use "Abort"

Status" filter filter

19
"Fault handlers" filter menu
Generate error message
Consider it as default
Not much used, as custom
error messages are preferred

Good security practice

Limit information reported Admin/support will find it

Put transaction id in it
20
Error management: example of good practice

• An error message must be set for each failure

• Set message attributes you defined…
• … that will be used in error message in fault
handler
• Use explicit true and false filter for readability
21
Alerts

22
Alert filter
• Send notifications to 3rd party with many different
connectors
• Twitter
• Syslog (remote/local)
• Email
• SNMP
• OPSEC
• AWS SNS
• Window Event Log

• Typically for hypervisor

• Advice: only use alerts when relevant

• No one is reading 1000 alerts mails per day

23
Alert filter

Accumulate message by Set Message

number or time (like the filter) 24
SLA filter
• SLA filter is sending alerts if some
criteria are not met, as
• Communication failure
• HTTP code
• Response time

• And only on these criteria

• But other can be calculated
and an alert triggered

25
Alert and API Gateway Manager
• The different kind of alerts are
visible in API Gateway Manager
• Transaction audit
• Alerts
• SLA Alerts

• First purpose of alert is still to notify

3rd parties

26
Note: Alerts in API Manager
• Note the same concept
• "Events" word concept is more matching
the concept

• Alert in policy can fit well "Alert" in API

Manager
• Default implementation
• Anything can be use

27
Audit trail

28
Transaction Audit Log = transaction audit trail (i.e. processing)

• Out of the box, fine grain,

transaction audit capability

• Content configurable at filter level

• Integrity protected by signature

29
Transaction Audit Log - consistency with Traffic Monitor
Transaction Audit Message displayed in Traffic Monitor…
Traffic Monitor

… is same message in Transaction Audit Log

Events

30
Transaction Audit Log - configuration

Destinations

Activate
destination
Destination
configuration
Message written

Signature
Configuration
location

31
Transaction Audit Log - configuration - more details
Possible destinations

Format

• "text" is the message configured in filter panel

• Others are explicit
• Find additional information in documentation

32
Filter Transaction Audit panel - The Next button
All filters have a second tab for Transaction Audit Log configuration.

Choose this option to log Success or Fatal.

Default log messages but customizable. Selectors can be

used for example:

If ‘axway’ is not a valid user, the following message will

be logged:

"Next" always leads to this panel 33

Wrap-up

34
Wrap-up
• AMPLIFY API Management provides already all the monitoring features
• But only developer can define what is "normal" and what is error - leveraging
paths and handler
• Thinks about "Transaction Audit Log" if you need an audit trail

35
Thank you!

36