There are a number of steps that need to be taken to configure API Gateway correctly.

The purpose of the API token is to provide identification and separation of different apps, but also providing security, without need to provide Orchestra account information. Also, you get better control over the load on Orchestra.

To generate an API Token:

Run the script api-token-generator.bat, located in the <installation directory>\bin folder. We highly recommend that you run the script in a Command Prompt, so that the progress is visible.

Once the API Token has been generated, you need to update the file application.yml, see “Configuration in application.yml” , so it is recommended that you make a note of the API Token, so that you can use it later.

We recommend setting up the API Gateway using SSL, to make sure that the API token stays hidden.

To enable SSL/ HTTPS on the front-end of the API Gateway:

Set up SSL certificates, according to the normal Orchestra routines. For more information, see the Orchestra Reference Manual.

Make sure that the keystore.jks file is saved in <installation directory>\conf.

Further configuration is done in the application.yml file, later on.

For more information, see Running HTTPS from Mobile applications to API Gateway and Running HTTPS from API Gateway towards Orchestra.

Depending on how you want to use the API Gateway, you will need to expose different connectors.

Access to the Mobile connector is configured in a slightly special way, compared to access to other connectors. So if you need access to the Mobile connector, please see “Mobile Connector User” . For other connectors, see Normal Connector User below.

For the API Gateway to work correctly with all connectors, except the Mobile connector, you need to create a User for this purpose in Orchestra. For Mobile connector users, see “Mobile Connector User” .

Follow these steps:

At a later stage, this User will be updated in the <installation directory>\conf\application.yml file. For more information, see “Configuration in application.yml” .

If you are going use a Mobile Connector User, add the VisitApp Unit Type in the System Administration application, in the Unit Types tab. Then, add it to your Equipment Profile, in the Business Configuration application, and configure it both on Equipment Profile and Branch level. For more information, see the Standard Unit Types Guide, found on Qmatic World.

In the Business Configuration application, make sure that you have configured the Services and Branches that you want to be available via the API Gateway correctly. This means that the following needs to be configured:

In order for the passwords not to be visible anywhere in plain text, the passwords for Orchestra should be encrypted when configuring the API key and the Orchestra user.

To create an encrypted password, run the script password-encoder.bat, located in <Installation directory>\bin. It is highly recommended that you run the script in a Command Prompt, so that you will see the encrypted password in clear text.

Make a note of the encrypted password, since you will be entering it into the apllication.yml file at a later stage. For more information, see “Configuration in application.yml” .

You will need to open your firewall to port 9090.

This is done in the Windows Control Panel, by following these steps:

Enter a Name and a Description for the rule, then click Finish.