Eagle ACCESS API Gateway Customer Onboarding Checklist

This page provides a detailed customer onboarding checklist.

Eagle Access Customer Prerequisites

  1. Request API Gateway Initial Setup in Client Portal or through Technical Operations and Eagle Access Onboarding team.

    1. Provide a list of target environments to configure.

    2. Provide Eagle Access Onboarding team details about preferred connectivity method: HTTPS over Internet, HTTPS over LAN-To-LAN VPN Tunnel, MPLS, or other

      1. If over Open Internet, provide a list of IPs, IP ranges to add white list to firewall filter

      2. If over VPN, the configuration will be coordinated by the Eagle Access onboarding team between client and Eagle Access network teams

  2. Configure Authentication: Once the initial API Gateway setup is complete, it is time to determine the method for authenticating to the API Gateway. There are two auth methods described below based on customer use case.

    1. Method 1 Service/App to API Service: Provide x509 Certificate from external trusted certificate authority, 1-year expiration. A certificate using current hashing algorithm is required. Provide certificate .PEM file to API Gateway Service team via EA Onboarding team

    2. Method 2: User to API Service: Configure SSO, SAML exchange with IDP to SP. Create service request through the EA Onboarding team.

  3. Provide IP Ranges to be white-listed. The EA API Gateway service is a multi-tenant service with an IP filter configured on the edge firewall. In order to access the service the EA Onboarding team will need to submit a firewall change request to allow traffic from the customer IP addresses.

  4. Supported OAuth 2.0 Authorization Methods:

    1. Client Credentials flow: Requires client certificate included with all api calls for authentication.

    2. Authorization Code flow: Includes browser-based end user authentication through SSO.

 

Base URL to Access APIs through the Gateway

  1. NonProd [3 Character Client Prefix]-eaapimgr-dmzlb.eagleaccess.com

  2. Prod [3 Character Client Prefix]-apipgw.eagleaccess.com

 

Available Client EagleML APIs

  1. Eagle QL REST API - eagleml/v2/eql

  2. Eagle Generic Extract REST API - eagleml/v2/genericextract

  3. Eagle OLAP Report Service REST API  - eagle/report/v2

  4. EagleML Generic Healthcheck - eagleml/health/v1

  5. EagleML REST API Accounting - eagleml/v2/accounting

  6. EagleML REST API Actions - eagleml/v2/actions

  7. EagleML REST API Api-doc - eagleml/v2/api-doc

  8. EagleML REST API Entities - eagleml/v2/entities

  9. EagleML REST API Extract - eagleml/v2/extract

  10. EagleML REST API Issuer - eagleml/v2/issuer

  11. EagleML REST API Reference - eagleml/v2/reference

  12. EagleML REST API Securities - eagleml/v2/securities

  13. EagleML REST API Warehouse - eagleml/v2/warehouse

  14. EagleML REST API IssuerRole - eagleml/v2/issuerRole

  15. EagleML REST API s2pReporting - eagleml/v2/sp2Reporting

  16. Eagle Metadata API - eagleml/v2/metadata

 

Example Code Snippets

Testing certificates with curl


> curl --cert <certificate[:password]> --key  [URL] # example > curl -v  -H "Content-Type: application/json" \            --header "Authorization:Bearer [oauth token" \            --cert clientcrt.crt --key clientkey.key \   --request GET https://eaapimgr-dmzlb.eagleaccess.com/[path to api] -o 0.1.json)

Curl Command to get OATH Access Token

curl -v  https://eaapimgr-dmzlb.eagleaccess.com/auth/oauth/v2/token \   -H "Accept: application/json" \     -H "Accept-Language: en_US" \ -u "API_KEY:SHARED_SECRET" \     -d "grant_type=client_credentials"

Curl Command to Execute Published API

curl -X GET "{API_URL}" -H "accept: application/json" -H "authorization: Bearer {ACCESS_TOKEN_FROM_FIRST_STEP}"

Curl command to Retrieve OpenAPI spec from your Target App Server

 

curl --request GET 'https://xxx-eaapimgr-dmzlb.eagleaccess.com/eagleml/v2/api-doc/warehouse' \ --header 'Authorization: Bearer [oauth token] \ --cert yourclientcrt.crt -key yourclient.key