Over a million developers have joined DZone.

How to Call an API Which Uses a Self-Signed Certificate

DZone's Guide to

How to Call an API Which Uses a Self-Signed Certificate

· Integration Zone ·
Free Resource

The new Gartner Critical Capabilities report explains how APIs and microservices enable digital leaders to deliver better B2B, open banking and mobile projects.

 The Axway API Gateway, as the name suggests, is often used as a gateway in front of APIs / Web Services. The connection to the API behind the API Gateway often is over SSL. If this connection uses a self-signed certificate (i.e. not VeriSign or another global CA), then how do you configure the trust for this connection?

The first step is to import the certificate into the "Certificates" section of Policy Studio. To do this, click on the "Create/Import" button, which you can see on the bottom of the screenshot below:

Once you've imported the cert, then you need to use it in a policy. In the example below, I have a simple routing policy which will route to a backend server over SSL. The first step is to use a "Static Router" filter in order to enter the backend server name (in this case "dev.company.com") and select the radio button which specifies that I'm connecting over SSL:

I then follow this with a "Connection" filter, and I make sure that the certificate which I imported earlier is checked under "Trusted Certificates", as shown below:

Now, I apply this policy to a path off the API Gateway. Because this policy applies to any relative path, I can call a path like "/myAPI" or "/myOtherAPI" on the API Gateway, and it will be routed to the backed server using the same path. That is all you need to do to connect to an API / Web Service over an SSL connection which uses a self-signed certificate.

The new Gartner Critical Capabilities for Full Lifecycle API Management report shows how CA Technologies helps digital leaders with their B2B, open banking, and mobile initiatives. Get your copy from CA Technologies.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}