Unable to create an API having Policy Templates other than default using PAPI

Products

CA API Developer Portal CA API Gateway

Issue/Introduction

We created custom policy templates: GetRequestHeaders, SetPortRestriction, SetResponseHeaders to be added as a policy template. When developer uses PAPI to deploy new API get the following error:

{"error": {
"code": "ValidationException",
"message": {
"lang": "en",
"value": "The request could not be completed due to data input errors."
},
"detail": {
"errorCode": "483",
"devErrorMessage": "The request could not be completed due to data input errors.",
"userErrorMessage": "The request could not be completed due to data input errors.",
"userErrorKey": "error.validation.entity",
"validationErrors": [
{
"field": "ApiEula",
"error": "API Eula referenced doesn't exist.",
"key": "error.apiApiEulaNotExists"
},
{
"field": "PolicyTemplateArguments",
"error": "Cannot save Portal Published API with mismatch of Policy Template arguments compared to Gateway Policy Template.",
"key": "error.api.gateway.policytemplate.arg.mismatch"
}
]
}
}}

Problem facing was related to the endpoint POSTING to
/tenantname/Apis
This reference is for the 1.0 version which did not support multiple templates

The current endpoint is:
/tenantname//2.0/Apis
Supports multiple policy templates also has different format for payload

Environment

Portal 4.2

Resolution

[INSTRUCTION]
=============
Step 1 Create custom policy template

Created Policy add logic for service getRequestHeaders
Set as Portal Publisher Fragment
Create Encapsulated Assertion

Click link for more details related to policy template:

Step 2 Check that the Policy Template is available in the Portal review API look under “Proxy Configuration”

<Please see attached file for image>

Step 3 Retrieve the UUID for the APIEulas from the portal
This can be done in API Explorer, SoapUI, or Postman

API Explorer example:

Access Portal Tenant: https://tenant4.support.local/admin/
Click “Portal API” this will take you to Admin Portal (example: https://apim.support.local/admin)
API Pull down select “Portal API (tenant4)
Portal API (Tenant4) click “ApisAulas: API Enf usericenseAgreement operation”
Click GET /ApiEulas, then submit (Take down the UUID)

<Please see attached file for image>

Step 4 Retrieve the Policy template info (UUID of the policy objects)
This can be done in API Explorer, SoapUI, or Postman

API Explorer example:

Access Portal Tenant: https://tenant4.support.local/admin/
Click “Portal API” this will take you to Admin Portal (example: https://apim.support.local/admin)
API Pull down select “Portal API (tenant4)
Portal API (Tenant4) click “Apis: API operations”

<Please see attached file for image>

Navigate down to GET /policyTemplates
Click Submit
This will use the API key and Shared Secret to return all the info related to the Policy Template - suggest coping the Response body to text editor (from here you have the UUID and arguments

Postman example, first need to get access_token

CURL:

c:\curl --insecure -X POST -d "username=tenant4%5cadmin&password=7layer&grant_type=password&client_id=53f1d4d58cd34181b63dc59589e18515&client_secret=52ecc9a73dbb4ebb81fa783952128ebe" https://apim-ssg.support.local:9443/auth/oauth/v2/token

json return:

{
"access_token":"09174147-3ef9-4613-88b8-0f328e17c6b0",
"token_type":"Bearer",
"expires_in":3600,
"refresh_token":"a0c8f961-422e-4b07-934f-c32360a7bfa3",
"scope":"oob"}

Postman/SoapUI:
Call #1 to receive OAuth Token:

Method: POST

Endpoint: https://{{ PAPI_PORTAL_TSSG }}:9443/auth/oauth/v2/token
Endpoint Example: https://apim-ssg.support.local:9443/auth/oauth/v2/token

Query Parameters (Get values from the Application for PAPI details in API Explorer):
client_id = 53f1d4d58cd34181b63dc59589e18515
client_secret = 52ecc9a73dbb4ebb81fa783952128ebe
grant_type = client_credentials

Headers:
Content-Type = application/x-www-form-urlencoded

Response #1 will look like:
{
"access_token": "af5dfa2b-bf96-4e7a-a635-e928f56adaf7",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "oob"
}

Call #2 to PAPI endpoint, example to List APIs:
Method: GET
Endpoint Template: https://{{ PAPI_PORTAL_TSSG }}:9443/{{ papi_tenant_id }}/2.0/Apis
Endpoint Example: https://apim-ssg.ca.com:9443/tenant2/2.0/Apis

Headers:
Authorization = Bearer af5dfa2b-bf96-4e7a-a635-e928f56adaf7

Launch Postman

GET for Policy Templates: https://apim-ssg.support.local:9443/tenant4/policyTemplates
Authorization use the access_token from curl results as followed

<Please see attached file for image>

Data contained in the Body:

<Please see attached file for image>

Step 5: To build the payload for multiple/custom policy temples need to do a get on /2.0/Apis NOT /Apis (this is old with different structure) to understand json structure

NOTE: there is no swagger for Get /2.0/Apis need to use a tool like Postman

<Please see attached file for image>

"PolicyEntities": {
"results": [
{
"PolicyEntityUuid": "172594b6-18ba-4b0c-8d61-807db457e81d",
"PolicyTemplateArguments": {
"results": []
}
}
]

Step 6: Build Payload (structure)
Two templates in this example:

Custom getRequestHeaders
Quota by Month

getRequestHeaders:

{
"uuid": "30a6d908-497b-4336-b25e-bf2c0e31f5be",
"encassId": "35df6c7e5522c546d000161fbf78ffea",
"name": "getRequestHeaders",
"description": "",
"policyGuid": "6c113c5e-6811-4270-b00a-d5eb4eadb83b",
"fragmentDetails": {
"hasRouting": false,
"parsedPolicyDetails": ""
},
"arguments": [],
"default": false
}

Quota by Month:

{
"uuid": "952820cd-9454-458b-92e1-3c45bdb7a6aa",
"encassId": "3322031b114b9ab1ed3b2fdb6f575424",
"name": "Quota by Month",
"description": "Quota by Month",
"policyGuid": "9821aceb-20c8-4f54-a056-fced22834530",
"fragmentDetails": {
"hasRouting": false,
"parsedPolicyDetails": ""
},
"arguments": [
{
"name": "quotaHitsPerMonth",
"type": "int",
"label": "Hits (max: 2000000000) *"
}
],
"default": false
},

Final payloaded using the UUIDs for both templates and arguments

{
"Name": "My Swagger Petstore 69",
"Version": "1",
"ApiEulaUuid": "bcb5798d-1cc8-40f3-a443-887db30c24af",
"PrivateDescription": "",
"Description": "This is a sample server Petstore server. You can find out more about Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). ",
"SsgUrl": "PetStore_69",
"PolicyEntities": {
"results": [
{
"PolicyEntityUuid": "30a6d908-497b-4336-b25e-bf2c0e31f5be",
"PolicyTemplateArguments": {
"results": []
}
},
                               {
"PolicyEntityUuid": "952820cd-9454-458b-92e1-3c45bdb7a6aa",
"PolicyTemplateArguments": {
"results": [
{
"ApiUuid": "{{GENERATED_UUID}}",
"Name": "quotaHitsPerMonth",
"Value": "0",
"Label": "Hits (max: 2000000000) *",
"Type": "int",
"PolicyTemplateUuid": "952820cd-9454-458b-92e1-3c45bdb7a6aa"
}
                           ]
                       }
               }
]
},
"AuthenticationType": "NONE",
"AuthenticationParameters": "{}",
"ApiLocationUrl": "https://petstore.swagger.io/v2/70",
"Uuid": "{{GENERATED_GUID}}"
}

Step 7: Validate new API and it’s templates:

<Please see attached file for image>

Attachments

1558688103880000130098_sktwi1f5rjvs16fi3.png get_app

1558688101984000130098_sktwi1f5rjvs16fi2.png get_app

1558688100150000130098_sktwi1f5rjvs16fi1.png get_app

1558688098212000130098_sktwi1f5rjvs16fi0.png get_app

1558688096098000130098_sktwi1f5rjvs16fhz.png get_app

1558688094135000130098_sktwi1f5rjvs16fhy.png get_app

1558688091090000130098_sktwi1f5rjvs16fhx.png get_app