(Upgrade to) Gravitee 3.X as Platform API Manager

Owned by Onesait Platform
Last updated: 19/03/24
3 min read

Available as of Platform Release 5.3.0 (Ultimate)

Introduction

Onesait Platform uses Gravitee as an advanced API Manager when advanced API management functionalities are needed. Until now we used Gravitee version 1.X.

In this release the advanced Platform API Manager is based on Gravitee 3.X.

Let's see what's new in Gravitee 3.

New Gravitee 3 features

Publication of APIs as protocol mediation to MQTT, Kafka, gRPC…

With the new version of Gravitee, you can expose APIs or entrypoints that act as entry points to Kafka, MQTT, gRPC backends, among others.

For more detailed information you can consult this documentation: https://www.gravitee.io/platform/service-management-ecosystem

New Management UI

Improvements in monitoring, logs, analytics and alarm management have been included in the new API Manager Management UI.

Policy studio

In the previous version of Gravitee, the panel for configuring policies was as follows:

In the new version, what they call “Policy Studio” has been developed, from where the policies for the different API paths will now be configured.

In addition, various policies that did not exist before have been included for greater flexibility in development:

Debug requests

In the policy studio they have included a debug mode, to be able to make requests and be able to observe the values of the request and the responses to the API in all its phases. This is very practical since it allows you to debug all the policies applied to an API.

New API Portal

In the new version, Gravitee has decoupled the API portal from the management UI, in such a way that it has dedicated a UI in the form of an API Portal, thinking about the endusers of this Portal.

This UI is also customizable to give it our style.

Platform improvements

Platform realms integration and Oauth 2 security plans

The platform Realm concept has been related and integrated with the Gravitee application, with the objective of restricting access to APIs secured by JWT/Oauth 2 plans by client_id.

In this way we can secure the APIs published in Gravitee and restrict which Realms (or default client onesaitplatform) have access to the API.

To do this we will have to enable publishing in Gravitee and the creation of a JWT/Oauth 2 Plan:

When editing the API, a new side tab will appear to continue managing this security:

API changes are reflected in Gravitee

From now on, changes made to an API published in Gravitee, such as operations or swagger, will be reflected in Gravitee.

Invocation from Swagger with API Key and JWT

A change has been added to the API swaggers, so that they can be used with API Key security (internal APIs) and JWT/Oauth 2