How to Troubleshoot a Service in the Layer7 API Gateway

Article By: Eunice Mushawatu

When publishing, managing, and maintaining application programming interfaces (APIs); running into issues every so often is to be expected, especially in the development and staging phases. The Layer7 API Gateway provides a centralized place for all APIs in an organization. It provides the advantage of a single point of entry for all microservices, but from an end-user or client point of view, if an API returns unexpected results and/or errors, the blame almost always goes to the API Gateway. This guide will discuss how to troubleshoot services in the API Gateway. The issues most likely exist elsewhere, but a skilled API administrator should be able to identify an issue and give more information on the source as well as possible resolutions, even if the issue is not at the API Gateway level.

Figure 1- Request/Response flow via the Layer7 API Gateway

Identify Error Messages 

The first step in the event of an error is understanding the error message. The most important point is to recognize the origin of the error. Errors are typically any one of the following types of errors:

  1. Network Errors
  2. Gateway Errors
  3. Client Errors
  4. Server Errors 

View Logs 

The next focus should be viewing the logs on the API Gateway. While the error message presented gives us a clue as to what may be wrong, often the logs will give better insight as to the cause of the error. To view logs on the API Gateway follow the steps below.

  1. Log in to the Policy Manager
  2. Click on View > View logs

  3. Select the main log for the time frame and click View

Audit 

The Layer7 API Gateway gives us the ability to control audits. This can be a very powerful tool when troubleshooting a service that is not working as expected. In the policy for the service, the policy administrator can add audits that track the values of the different variables at play; and compare the results to what was expected. 

  1. To enable audit tracking, add the Audit Messages in Policy assertion to the services policy.
  2.  You have the option to capture the request and response. To capture both, double-click the assertion and enable the radio buttons as shown below.
  3. Now, you can record audit details at any part of your policy by adding the Add Audit Details assertion wherever necessary.

    Whatever has been defined in the audit details and the request and response of each transaction will be recorded and can be viewed when you open the audits tab. To view audits in the Policy Manager, follow the steps below:
    1. Click View > Gateway Audit Events
    2. Click on the transaction to view more details

Trace Request 

From the section above, we see how to add audit details to a service. In this section we will discuss how to inspect a transaction by viewing the request, audit details, logs and response in a single view using the audit viewer in the Policy Manager. 

  1. Open the Audit viewer by clicking View > Gateway Audit Events 
  2. Select an audit record to view.
  3. At the bottom, click on the Details tab 
    1. The Details tab gives you transaction information including time of request, the status , the requestor IP, response time and the size of the request and response. This can be valuable information when troubleshooting a service.
    2. The Associated Logs tab displays the logs associated with the specified transaction as shown below. This is a simpler view of the logs compared to using the log viewer and trying to filter logs that are specific to a certain transaction.
    3. The Request and Response tab is very important when troubleshooting. It displays the request message that came through to the API Gateway and the response that left the Gateway. These tabs are only populated when the audit messages in policy assertion specifies to capture the request and/or response.

Trace Policy

Some APIs require more logic implementation in the policy than others. Sometimes such APIs can become rather dense in terms of the policy associated with them. As part of the troubleshooting process, it is important to make sure that the actual policy did not introduce the errors to the API causing it to fail. This is where the service debugger tool comes into play.

The service debugger allows you to do the following when troubleshooting a service:

  1. Add or remove breakpoints 
  2. Go through a policy line by line 
  3. View the changing variables

To debug a policy within the Policy Manager, follow the steps below:

  1. Right-click a policy available in the Services and Policies list.
  2. Select Service Debugger.
    Note: The active version of the policy is loaded into the Service Debugger dialog.

Breakpoints allow you to suspend processing of a message at a particular point in the policy allowing you to examine the values of context variables used in the policy and/or step through the policy manually. To enable/disable a breakpoint do the following:

  1. To enable a breakpoint right click an assertion and select Toggle Breakpoint.
    1. Repeat the same to disable the breakpoint 
  2. Click Remove All Breakpoints to delete all breakpoints at once 

When processing is suspended at a breakpoint, you can now step through the policy manually by using the Step Into button to go line by line. Active assertion is shown by the yellow highlight as you step through

The context variable tree displays the context variables that have been set, and changes as a message progresses through the policy. This is an easy way to watch in real time the changes happening to your request as the gateway processes it. The context variables are in the following format 

Name={datatype} “value”. Example shown above.

Summary of Troubleshooting a Service in the Layer7 API Gateway 

Troubleshooting APIs published on the Gateway can sometimes be quite the task. This article is meant to help the beginner figure out what tools are available and hopefully be able to devise a strategy to solve the problem. There are other methods, tips, and tools not covered in this article—be on the lookout for solution guides for common issues in the Layer7 API Gateway. 

Looking for additional help with API gateway troubleshooting? ISX Consulting is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including API gateways and general API management. Take your interoperability to the next level, and contact an ISX consultant today.

ISXHow to Troubleshoot a Service in the Layer7 API Gateway

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *