Api Proxy throws 400 error

Not applicable

Hi,

We have created CNAME record api-test.indix.com -> org-name.test.apigee.net and then

created a api proxy in apigee

Base Path: v2-indix-proxy

target_url https://xxxx-api-lb-xxx.xxxx.elb.amazonaws.com/v2

The api request via api-test.indix.com always throws 404. Any help is highly appreciated.

Thanks,

Jeevan

1 9 584
9 REPLIES 9

adas
Participant V

Please make sure your virtualhost alias is updated to reflect the CNAME change. I am guessing you are calling the API as curl -v http://api-test.indix.com/v2-indix-proxy.

In that case, your virtualhost alias that was previously setup as org-test.apigee.net need to be updated with the CNAME alias api-test.indix.com.

Thanks for your response. Right now I am in a trail plan and I didn't find an option to add virtualhost alias. Is it something achievable on our own or do we need to contact apigee folks?

Thanks for your response. Right now I am in a trail plan and I didn't find an option to add virtualhost alias. Is it something achievable on our own or do we need to contact apigee folks?

@jeevan,

First thing first, is your VHOST for CNAME api-test.indix.com a secured VHOST ie SSL enabled, if yes then you need to use https:// instead of http://

Second thing, definetly VHOST must have been created for this VHOST. Please check the VHOST details on Management Server MS APIs- Environment configuration (Accessible only if you have ORGADMIN ROLE)

@gbhandari It's https only. VHOST already exists as org-env.apigee.net. But i want to map my custom domain "api-test.indix.com" to org-test.apigee.net. I went through apigee documentation regarding virtual hosts (http://docs.apigee.com/api-services/content/virtual-hosts) and I see mapping should be created from apigee side to use api via custom domain. Correct me if I am wrong.

@Jeevan

Now I understood your problem.

So you can do two things.

1) You can create a completely new VHOST

2) Just update the current VHOST with the new CERTS details i.e. CNAME api-test.index.com.

PFB the curl command

curl -v -X POST -H 'content-type: application/xml' -d "<VirtualHost name='secureSSL'><HostAliases/><Interfaces/><Port>443</Port><SSLInfo><Ciphers/><ClientAuthEnabled>false</ClientAuthEnabled><Enabled>true</Enabled><IgnoreValidationErrors>false</IgnoreValidationErrors><KeyAlias>secureSSLKeystore</KeyAlias><KeyStore>secureSSLKeystore</KeyStore><Protocols/><TrustStore>secureSSLKeystoreTruststore</TrustStore></SSLInfo></VirtualHost>" "http://localhost:8080/v1/o/<ORGNAME>/environments/<ENVNAME>/virtualhosts/secureSSL" -u <USERID>

I am assuming that the current vhost name mapped to org-test.apigee.net is 'secureSSL'.

Localhost is where the CURL command are executed on Management Server and its port is 8080

Also, I have added the Trusstore name which is not required as its one way SSL inbound communication(North Bound) and the clientAuthEnabled is false.

And one important point to note is that you should know the alias name of the cert

CNAME api-test.index.com.

When this cert was added on your ORG, apigee or your OPERATIONAL Team might have used the following command)

curl -iv -u <USERID> -X POST -H "Content-Type: multipart/form-data" -F file="@Latest.jar" http://localhost:8080/v1/o/<ORGNAME>/environments/<ENVNAME>/keystores/secureSSLKeystore/keys?alias=s...

So the alias name is passed as query parameter while creating the Keystore

secureSSLKeystore which has the information of the CNAME

api-test.index.com.

I hope this is clear.

You need to contact Apigee support. Please mention your org details and virtualhost alias that you want to update, they will help you do that. Usually we do not allow such changes for trial accounts so I am not saying it would be done, but lets see. In the mean time, you can also do this. Make the same api call as you do today, but with a host header. The host header should contain you current vhost alias - org-test.apigee.net

Dear @jeevan,

Would like to inform you that the trial orgs are restricted to using freetrial (*.apigee.net) certificates only. We don't support your domain certificates for the trial orgs. This means that you cannot use <yourdomain> as the host alias in your secure virtual hosts or use it for making secure API calls.

Regards,

Amar

@jeevan

I guess in trial ORG, one does not have rights to add certificates ie access to the below API CALL is restricted.

curl -X POST -H "Content-Type: text/xml" -d '<KeyStore name="TestKeystore"/>' https://api.enterprise.apigee.com/v1/o/<ORG>/environments/<ENV>/keystores -u <USER NAME>

curl -iv -u <USER NAME> -X POST -H "Content-Type: multipart/form-data" -F file="@myKeystore.jar" "https://api.enterprise.apigee.com/v1/o/<ORG>/environments/<ENV>/keystores/TestKeystore/keys?alias=ke..."

curl -X POST -H "Content-Type: multipart/form-data" -F file="@trust.pem" \ "https://api.enterprise.apigee.com/v1/o/{org_name}/environments/{env_name}/keystores/myTruststore/cer..." \ -u <USER NAME>