Eagle ACCESS API Gateway Customer Onboarding Checklist
This page provides a detailed customer onboarding checklist.
Eagle Access Customer Prerequisites
Request API Gateway Initial Setup in Client Portal or through Technical Operations and Eagle Access Onboarding team.
Provide a list of target environments to configure.
Provide Eagle Access Onboarding team details about preferred connectivity method: HTTPS over Internet, HTTPS over LAN-To-LAN VPN Tunnel, MPLS, or other
If over Open Internet, provide a list of IPs, IP ranges to add white list to firewall filter
If over VPN, the configuration will be coordinated by the Eagle Access onboarding team between client and Eagle Access network teams
Configure Authentication: Once the initial API Gateway setup is complete, it is time to determine the method for authenticating to the API Gateway. There are two auth methods described below based on customer use case.
Method 1 Service/App to API Service: Provide x509 Certificate from external trusted certificate authority, 1-year expiration. A certificate using current hashing algorithm is required. Provide certificate .PEM file to API Gateway Service team via EA Onboarding team
Method 2: User to API Service: Configure SSO, SAML exchange with IDP to SP. Create service request through the EA Onboarding team.
Provide IP Ranges to be white-listed. The EA API Gateway service is a multi-tenant service with an IP filter configured on the edge firewall. In order to access the service the EA Onboarding team will need to submit a firewall change request to allow traffic from the customer IP addresses.
Supported OAuth 2.0 Authorization Methods:
Client Credentials flow: Requires client certificate included with all api calls for authentication.
Authorization Code flow: Includes browser-based end user authentication through SSO.
Base URL to Access APIs through the Gateway
NonProd [3 Character Client Prefix]-eaapimgr-dmzlb.eagleaccess.com
Prod [3 Character Client Prefix]-apipgw.eagleaccess.com
Available Client EagleML APIs
Eagle QL REST API - eagleml/v2/eql
Eagle Generic Extract REST API - eagleml/v2/genericextract
Eagle OLAP Report Service REST API - eagle/report/v2
EagleML Generic Healthcheck - eagleml/health/v1
EagleML REST API Accounting - eagleml/v2/accounting
EagleML REST API Actions - eagleml/v2/actions
EagleML REST API Api-doc - eagleml/v2/api-doc
EagleML REST API Entities - eagleml/v2/entities
EagleML REST API Extract - eagleml/v2/extract
EagleML REST API Issuer - eagleml/v2/issuer
EagleML REST API Reference - eagleml/v2/reference
EagleML REST API Securities - eagleml/v2/securities
EagleML REST API Warehouse - eagleml/v2/warehouse
EagleML REST API IssuerRole - eagleml/v2/issuerRole
EagleML REST API s2pReporting - eagleml/v2/sp2Reporting
Eagle Metadata API - eagleml/v2/metadata
Example Code Snippets
Testing certificates with curl
> curl --cert <certificate[:password]> --key [URL]
# example
> curl -v -H "Content-Type: application/json" \
--header "Authorization:Bearer [oauth token" \
--cert clientcrt.crt --key clientkey.key \
--request GET https://eaapimgr-dmzlb.eagleaccess.com/[path to api] -o 0.1.json)
Curl Command to get OATH Access Token
curl -v
https://eaapimgr-dmzlb.eagleaccess.com/auth/oauth/v2/token \
-H "Accept: application/json" \
-H "Accept-Language: en_US" \
-u "API_KEY:SHARED_SECRET" \
-d "grant_type=client_credentials"
Curl Command to Execute Published API
curl -X GET "{API_URL}" -H "accept: application/json" -H "authorization: Bearer {ACCESS_TOKEN_FROM_FIRST_STEP}"
Curl command to Retrieve OpenAPI spec from your Target App Server
curl --request GET 'https://xxx-eaapimgr-dmzlb.eagleaccess.com/eagleml/v2/api-doc/warehouse' \
--header 'Authorization: Bearer [oauth token] \
--cert yourclientcrt.crt -key yourclient.key