Broadcom API Gateway (formerly CA Technologies API Gateway) is a service that sits between a client and a server. However, before we get into routing a request from the API Gateway onto a server, a good place to start is by making a connection to the API Gateway and then displaying some sort of output, such as Hello World. This can be done by creating a simple REST service in the API Gateway and then having the simple REST service display Hello World using the Return Template Response to Requestor Assertion.

A server could be any type of server that serves content, such as a web server, an application server, an FTP server, et cetera.

Or, as a bit of a more practical example:

• The Outbound Request - An application in your internal network may route a request through the API Gateway to an external service.
• The Inbound Response - The external service would respond and the response could be routed through the API Gateway to the application in your internal network.

Be aware that almost always there will be a load balancer that is used to determine which API Gateway server a request is routed onto when the API Gateway contains a cluster of nodes.

For example, let's say you want requests for www.example.com to route through the API Gateway. First, do the following:

• Start the API Gateway
• Ensure the API Gateway is running

Then you could Publish a Web API.

At this point, the API Gateway isn't doing much. It's just routing requests on. Let's add some security controls. Let's say you want to require users to authenticate before returning www.example.com. This can be done by doing the following:

• Create a user or group in an Identity Provider
• Add the Require HTTP Basic Credentials and Authenticate User or Group assertions to the service.

If the user forgot their password, you can reset the users password.