According to the architecture of WSO2 API Cloud, all API calls that go out to your backend services from WSO2 API Cloud go through the Cloud's API Gateway. The API Gateway handles user requests, user authentication via OAuth, enforces security policies etc.
In order to connect to your backend services from the API Cloud, the following should be facilitated:
- The API Gateway should be able to connect to the backend services.
- If your backend services are exposed to the Internet (e.g., hosted in WSO2 App Cloud or another cloud platform), then the API Gateway can connect to them via their Internet URLs.
- If your backend services are private to your Intranet, WSO2 supports the following methods to set up the connectivity from the API Gateway to your backend services.
- Using a reverse proxy in your DMZ. The API Gateway then connects to the publicly visible reverse proxy, which in turn passes the calls to the backend service.
- Using a VPN link between the API Cloud and your Intranet.
- Your backend services should be secure so that they are accessed securely by managed APIs through the API Gateway. WSO2 supports the following methods.
- Using basic authentication
- Using digest authentication
- Using a custom authorization token
- Using a certificate-based API Gateway
- Whitelisting IPs