OCI API Gateway
Introduction
OCI API Gateway is a fully managed, scalable, and secure service that allows you to expose, manage, and monitor APIs in Oracle Cloud Infrastructure (OCI). It enables routing, authentication, authorization, rate limiting, and logging for APIs, making it easier to integrate services and applications.
Getting Started
Compatibility
vuSmartMaps supports the monitoring of OCI API Gateway for availability, request rate, error rates, and response latency.
Data Collection Method
vuSmartMaps collects OCI API Gateway metrics using an internal data collector. This agent collects data based on the source configuration.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'oci' under the 'Definition' tab.
Inputs for Configuring Data Source
- Compartment ID: The unique identifier (OCID) of the compartment in which your API Gateway resources are located.
- Region: The OCI region where your resources are located.
- Credential: The tenancy, user, and PEM file required for authentication with OCI.
- Interval (in minutes): Time interval for polling data from the OCI Gateway. Period should be between 5m – 60m.
- Rate Limit: The Maximum requests per second. Note that the global default OCI rate limit is 5 reqs/sec.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
| Source IP | Destination IP | Destination Port | Protocol | Direction |
|---|---|---|---|---|
| vuSmartMaps IP | OCI API Gateway ListMetrics and SummarizeMetricsData API | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
The User account provided in the configuration must have the minimum permissions listed below to collect metrics for all OCI API Gateway:
Allow group <group name> to inspect metrics in compartment <compartment name>
Allow group <group name> to read metrics in compartment <compartment name>
See also: Permissions Required for Each API Operation Note: Because the configuration requires the Compartment ID & Region, a new endpoint or monitoring configuration will need to be created to monitor a new region or compartment.
Refer to Oracle documentation for details on how to set up the monitoring endpoint access: OCI API concepts API signing key handling Required Keys and OCIDs
Configuration Steps
- Before configuring OCI API Gateway O11ysource, you must create a 'credential' of type 'OCI' under 'Definition' tab:
- *Name: The name of the credentials.
- *Tenancy: The OCID of your OCI tenancy, which acts as the root container for all your OCI resources.
- *User: The OCID of the user that will be used for authentication in API requests.
- *Fingerprint: A unique identifier for the public key associated with the API signing key of the user.
- *Private Key File: RSA key pair in string format. You can use the following command to convert the PEM format file into a single line string.
awk 'NF {sub(/\r/, """"); printf ""%s\\n"",$0;}' <path to API Key>
Enablethe O11ySource.- Select the sources tab and press the
+button to add a new instance that has to be monitored. - Provide the required configurations:
- *Compartment ID
- *Region
- *Credential
- *Interval (in minutes)
- *Rate Limit (Change only if required)
- Click
Saveto close the data source window.
Metrics Collected
| Name | Description | Data Type |
|---|---|---|
| Backend Responses | The total number of HTTP responses returned by the back-end services. | UInt32 |
| Bytes Received | The total number of bytes received by the API gateway from API clients. | UInt64 |
| Bytes Sent | The total number of bytes sent by the API gateway to API clients. | UInt64 |
| API Requests | The total number of incoming API client requests to the API gateway. | UInt32 |
| API Responses | The total number of HTTP responses that the API gateway has sent back. | UInt32 |
| Backend Latency | The average time taken for the integration layer to process requests. | Float32 |
| Internal Latency | The average time taken for internal processing within the API gateway. | Float32 |
| Gateway Latency | The average total time taken to process requests, from receipt to response. | Float32 |
| Name | The name of the metric namespace, typically "oci_apigateway" for API Gateway metrics. | String |
| Backend HTTP Status Category | The category of the HTTP response status code received from the back end (e.g., "5xx" for server errors). | String |
| Backend HTTP Status Code | The specific HTTP response status code received from the back end (e.g., "500" for Internal Server Error). | String |
| Backend Type | The type of back end to which an API gateway routes requests (e.g., "http"). | String |
| Compartment Id | The Oracle Cloud Identifier (OCID) of the compartment containing the resource. | String |
| Deployment Id | The OCID of the API deployment. | String |
| Deployment Name | The name of the API deployment. | String |
| Http Method Type | The HTTP method of incoming connections accepted by the back-end service (e.g., GET, POST). | String |
| Http Status Category | The category of the HTTP response status code received from the API gateway (e.g., "5xx" for server errors). | String |
| Http Status Code | The specific HTTP response status code received from the API gateway (e.g., "500" for Internal Server Error). | String |
| Region | The Oracle Cloud Infrastructure region where the resource is located (e.g., "ap-sydney-1"). | String |
| Resource Id | The OCID of the API gateway resource. | String |
| Resource Name | The name of the API gateway resource. | String |
| Resource Tenant ID | The OCID of the tenancy (root compartment) that owns the resource. | String |
| Route | The route path for API calls to the back-end service (e.g., "/data"). | String |
| Timestamp | The timestamp in ISO 8601 format. | DateTime64 |
