Akto - API Security platform
Akto WebsiteStart freeBook a demoDiscordGitHub
  • Github Open Source Repo
  • What is Akto?
  • AktoGPT
  • AGENTIC AI
    • Akto MCP Server
  • Getting Started
    • Deployment Types
    • Akto Cloud
      • Connect Akto with Hybrid SaaS
      • Migrate From Self Hosted Setup To SaaS
      • Setting up proxy
    • Akto Self Hosted
      • AWS deploy
        • AWS multi-VPC deploy
        • AWS Cross-Region Cross-VPC deploy
        • Custom subdomain on Akto on AWS
      • Helm Deploy
      • Azure Deploy
      • Openshift Deploy
      • Heroku
      • GCP Deploy
    • Local Deploy
    • FAQs on data concerns
  • Traffic Connector
    • Traffic Data Sources
    • eBPF
      • Connect Akto with eBPF
      • Connect Akto with eBPF on mTLS
    • Kubernetes
      • Connect Akto with Kubernetes in AWS
      • Connect Akto eBPF with Kubernetes
    • API Gateways
      • Connect Akto with Envoy
      • Connect Akto with NGINX
      • Connect Akto with Istio
      • Connect Akto with HAProxy
      • Connect Akto with Azure API Management
      • Connect Akto with F5
      • Connect Akto with 3Scale
      • Connect Akto with Layer7 API Gateway
      • Connect Akto with Citrix
      • Connect Akto with Kong
      • Connect Akto with Kong Mesh
      • Connect Akto with Cloudflare
      • Connect Akto with IBM Connect
      • Connect Akto with Mulesoft Flex Gateway
      • Connect Akto with Apigee
    • Mirroring
      • Connect Akto with AWS Traffic Mirroring
      • Connect Akto with GCP Packet Mirroring
    • AWS Services
      • Connect Akto with AWS Beanstalk
      • Connect Akto with AWS API Gateway
      • Connect Akto with AWS Lambda
      • Connect Akto with AWS API Gateway with CloudWatch OAM
      • Connect Akto with AWS API Gateway with service account (Temporary Credentials)
      • Connect Akto with AWS Fargate
      • Connect Akto with AWS EKS
      • Connect Akto with AWS ECS
    • GCP Services
      • Connect Akto with GCP Packet Mirroring
      • Connect Akto with Apigee
      • Connect Akto with Google Cloud Run Functions
      • Connect Akto with Google Cloud Run
      • Connect Akto with GKE
    • Azure Services
      • Connect Akto with Azure App Services
      • Connect Akto with Azure API Management
      • Connect Akto with AKS
      • Connect Akto with Azure OpenShift
      • Connect Akto with Azure Container App
      • Connect Akto with Azure Functions
    • Akto SDK
    • Source Code
      • GitHub
      • Bitbucket
      • GitLab
      • API inventory from source code
      • Source code installation
    • Virtual Machines
      • Connect Akto with Docker
      • Connect Akto on TLS service
      • Connect Akto with TCP Agent
    • Manual
      • Connect Akto with Burp suite
      • Connect Akto with Postman
      • Connect Akto with OpenAPI
      • Add API traffic to Akto using HAR file upload
      • API Import: WSDL in Akto
    • Configure TLS on kafka
  • API Inventory
    • Concepts
      • API Endpoints
      • Meta Properties of API Endpoint
      • API Collection
      • API Call Stats
      • Explore mode
      • gRPC API Coverage with Akto
      • Data Types
      • API Groups
      • Environment Type
      • Protocol Support in Akto
      • API Changes
      • Third Party APIs
      • Tags
      • API Dependency Graph
      • Sensitive Data
      • Alerts
      • Shadow APIs
      • Zombie APIs
      • Risk Score
      • Auth types
      • Access Type
      • API discovery from source code
      • Advanced Filter Option
    • How-To
      • Enable Tree view for API collections
      • Export an API Collection to Postman
      • Export an API Collection to Burp
      • Create API group
      • Collection-Based RBAC
      • Descriptions for API Collections & Endpoints
      • Remove API(s) from API group
      • Deactivating and Reactivating API Collections in Akto
      • Add collection using Explore Mode
      • De-merge API
      • Create Swagger File Using Akto
      • Copy API Endpoints Data
      • Add an API Collection
      • Set environment type
      • Delete an API Collection
      • Create a Custom Data Type
      • Reset Data Types in Akto
      • Set Sensitivity of a Data Type
      • De-activate a data type
      • Add a Custom Auth Type
      • Reset an Auth Type
      • Configure Access Types
      • View New API Endpoint
      • Add Private CIDRs list
      • View New Parameters
      • Configure alerts on API changes
      • Create a custom collection
      • Redact sensitive data
      • Extract APIs from github hosted source code using our Github Action
      • Extract APIs from source code using our Docker based CLI
      • Remove Bad Endpoints
      • Create New Tags
      • Edit Tags
  • API Protection
    • Overview
    • External API Runtime Threat Notifications
    • Concepts
      • Threat Actors
      • Threat Policy
  • WAF
    • AWS WAF
    • Cloudflare WAF
  • Test Editor
    • Concepts
      • Overview
      • Test YAML
      • Test Library
      • Custom Test
      • Test YAML Syntax (Detailed)
        • ID
        • Info
        • Wordlists
        • Auth
        • API Selection Filters
        • Execute
        • Validation
        • Contexts
        • Strategy
        • Conditional flows
      • Template YAMLs
        • Local File Inclusion with Akto
      • Dynamic severity
    • How To
      • Edit Test
      • Create a Custom Test
      • Deactivate Test
      • Play in Test Editor Background
      • Copy Test Content
      • Opening Endpoint in Test Editor
      • Add a New Test Library
      • Contribute to Test Library
  • API Security Testing
    • Concepts
      • Severity Levels
      • Test
      • Result types
      • Test Role
      • User Config
      • Test Result
      • JSON Recording for Automated Auth Tokens
    • How To
      • Run Test
      • Auto-Create Jira Tickets
      • Edit Test Settings
      • Install testing module in your Cloud
        • Ephemeral Storage for Hybrid Runtime
        • gRPC Testing in Hybrid Testing Module
      • Create Custom Test Suites
      • Recalculate Issue Counts
      • Testing Module Selector in Akto
      • Run Tests by Category
      • Export Vulnerability Report from Test Results
      • Test Multiple APIs
      • Schedule Tests
      • Stop Tests
      • Run Test on Any One Endpoint
      • Configure global rate limit
      • Rescan Specific Issues Resolved
      • Configure Pre-request Script
      • Set Up JSON Recording for Auth Tokens
      • Create a Test Role
      • Edit Auth Flow in Test Roles
      • Restrict Access to a Test Role Using RBAC
      • Play in Test Editor Playground
      • Conduct Role-Based Testing
      • Run tests in CLI using Akto
      • Secure GraphQL APIs using Akto
      • Secure REST APIs using Akto
      • Secure SOAP APIs using Akto
      • Create and Edit Auth Types
  • Issues
    • Concepts
      • Overview
      • Values
      • Vulnerability Report
      • Remediation
    • How To
      • Jira Integration
      • Azure DevOps Boards Integration
      • Triage Issues
        • Review Issues Marked as False Positives
      • Export Selected Issues to Reports
      • Export Vulnerability Report
  • CI/CD
    • GitHub Actions
      • Create GitHub App
    • Jenkins
    • Azure DevOps
    • GitLab
    • Generic CI/CD
    • How To
      • Run tests in CI/CD
      • Add test to CI/CD Pipeline
      • Get API Credentials
      • Test ID from Akto test
  • Account
    • Invite User
      • Change role of a User
    • Create a New Account
    • How to Switch Between Accounts in Akto
    • Understanding Role Permissions
    • Custom roles
    • Audit Logs
    • SSO
      • Azure AD SAML
      • Okta OIDC
      • Github OIDC
      • Google Workspace SSO
      • Add Members From SSO
  • Compliance
    • Concepts
      • Overview
  • API security posture
    • Concepts
      • Overview
  • SIEM Integration
    • Splunk
  • Alerts
    • Slack Webhook
    • Microsoft Teams Webhook
    • Setup alerts for Akto test run results
  • Pricing
    • Pricing Plans
    • How To
      • Upgrade Your Plan
      • Downgrade Your Plan
      • Sync Usage Data
  • API reference
    • API reference
  • Components
    • Dashboard
    • Testing module
    • Traffic mirroring module
    • Runtime analyzer
    • Context analyzer
    • Puppeteer server
    • Other OSS
    • robots.txt
  • Troubleshooting
    • How to get logs
    • How to disable logging
    • How to update helm deployments
  • Stay Updated on New Releases
  • Support
Powered by GitBook
On this page
  • Step 1: Deploy the Akto Data-Ingestion Service
  • 1.1 Download Required Files
  • 1.2 Retrieve the Akto Token
  • 1.3 Configure the Environment File
  • 1.4 Deploy the Service
  • Step 2: Deploy Akto Gateway Interceptor Scripts
  • 2.1 Download the Pre and Post Global Policy Files
  • 2.2 Run the Setup Script
  • 2.3 Modify the Script
  • 2.4 Execute the Script
  • Step 3: Confirm Traffic is Flowing to Akto
  • Notes

Was this helpful?

  1. Traffic Connector
  2. API Gateways

Connect Akto with IBM Connect

PreviousConnect Akto with CloudflareNextConnect Akto with Mulesoft Flex Gateway

Last updated 16 days ago

Was this helpful?

IBM API Connect is IBM's comprehensive API management solution designed specifically for enterprises running hybrid cloud environments. By integrating IBM API Connect with Akto, you'll be able to automatically discover and test the security of all APIs across your IBM Cloud and on-premise environments, helping you maintain consistent security standards across your entire API infrastructure.

To connect Akto with IBM API Connect, follow the steps below.


Step 1: Deploy the Akto Data-Ingestion Service

Before configuring your API Connect global policies, ensure that the Akto Data-Ingestion Service is up and running.

1.1 Download Required Files

SSH into the server where you want to deploy the data-ingestion service and run the following commands:

wget https://raw.githubusercontent.com/akto-api-security/infra/refs/heads/feature/quick-setup/docker-compose-data-ingestion-runtime.yml
wget https://raw.githubusercontent.com/akto-api-security/infra/refs/heads/feature/quick-setup/data-ingestion-docker.env
wget https://raw.githubusercontent.com/akto-api-security/infra/refs/heads/feature/quick-setup/docker-mini-runtime.env
wget https://raw.githubusercontent.com/akto-api-security/infra/refs/heads/feature/quick-setup/watchtower.env

1.2 Retrieve the Akto Token

  1. Navigate to the Quick Start tab.

  2. Select Hybrid SaaS Connector and copy the token shown under Runtime Service Command.

1.3 Configure the Environment File

Edit the docker-mini-runtime.env file and add your Akto token:

DATABASE_ABSTRACTOR_SERVICE_TOKEN=your_token_here

1.4 Deploy the Service

Start the data-ingestion service using Docker:

docker-compose -f docker-compose-data-ingestion-runtime.yml up -d

Make sure this instance is accessible over the network from IBM API Connect's gateway service.


Step 2: Deploy Akto Gateway Interceptor Scripts

IBM API Connect allows global prehook and posthook scripts to intercept API traffic. You’ll use custom GatewayScript-based policies to forward request and response data to Akto.

2.1 Download the Pre and Post Global Policy Files

Make sure you have the following two files:

  • global-pre.yaml

global-policy: 1.0.0
info:
  name: akto_global_pre
  title: Akto IBM Agent PreRequest
  version: 1.0.0
  mode: after-builtin
gateways:
  - datapower-api-gateway
assembly:
  execute:
    - gatewayscript:
        version: 2.0.0
        title: akto-ibm-agent
        source: |
          context.set("start_time", new Date().getTime());
          context.request.body.readAsBuffer(function (error, buffer) {
            try {
              if (!error && buffer && buffer.length > 0) {
                var bufferStr = new Buffer(buffer).toString("base64");
                context.set("request_body", bufferStr);
              } else {
                context.set("request_body", "");
              }
            } catch (e) {
              context.set("request_body", "");
            }
          });
  • global-post.yaml

global-policy: 1.0.0
info:
  name: akto_global_post
  title: Akto IBM Agent PostRequest
  version: 1.0.0
gateways:
  - datapower-api-gateway
assembly:
  execute:
    - gatewayscript:
        version: 2.0.0
        title: akto-ibm-agent
        source: |
          var urlopen = require("urlopen");

          var friendlyHttpStatus = {
            '200': 'OK',
            '201': 'Created',
            '202': 'Accepted',
            '203': 'Non-Authoritative Information',
            '204': 'No Content',
            '205': 'Reset Content',
            '206': 'Partial Content',
            '300': 'Multiple Choices',
            '301': 'Moved Permanently',
            '302': 'Found',
            '303': 'See Other',
            '304': 'Not Modified',
            '305': 'Use Proxy',
            '306': 'Unused',
            '307': 'Temporary Redirect',
            '400': 'Bad Request',
            '401': 'Unauthorized',
            '402': 'Payment Required',
            '403': 'Forbidden',
            '404': 'Not Found',
            '405': 'Method Not Allowed',
            '406': 'Not Acceptable',
            '407': 'Proxy Authentication Required',
            '408': 'Request Timeout',
            '409': 'Conflict',
            '410': 'Gone',
            '411': 'Length Required',
            '412': 'Precondition Required',
            '413': 'Request Entry Too Large',
            '414': 'Request-URI Too Long',
            '415': 'Unsupported Media Type',
            '416': 'Requested Range Not Satisfiable',
            '417': 'Expectation Failed',
            '418': 'I\'m a teapot',
            '429': 'Too Many Requests',
            '500': 'Internal Server Error',
            '501': 'Not Implemented',
            '502': 'Bad Gateway',
            '503': 'Service Unavailable',
            '504': 'Gateway Timeout',
            '505': 'HTTP Version Not Supported',
          };

          function lowerHeaders(headers) {
            var key, keys = Object.keys(headers);
            var loweredHeaders = {};
            var n = keys.length;
            for (var i = 0; i < n; i++) {
              key = keys[i];
              if (typeof headers[key] == "object") {
                if (Array.isArray(headers[key])) {
                  loweredHeaders[key.toLowerCase()] = headers[key].join(",").toString();
                  continue;
                } else {
                  continue;
                }
              }
              loweredHeaders[key.toLowerCase()] = headers[key];
            }
            return loweredHeaders;
          }

          var headers = context.get("request.headers");
          var contentType = headers["content-type"] || headers["Content-Type"] || "";
          var request_headers = lowerHeaders(headers);
          var resp_headers = context.get("message.headers");
          var response_headers = lowerHeaders(resp_headers);

          if (contentType.indexOf("application/json") !== -1) {
            var req_body_base64 = context.get("request_body") || "";
            var req_body_str = "";
            var allStrings = true;

            if (req_body_base64.length > 0) {
              try {
                var req_buffer = new Buffer(req_body_base64, "base64");
                req_body_str = req_buffer.toString("utf-8");

                var parsedJson = JSON.parse(req_body_str);
                for (var key in parsedJson) {
                  if (typeof parsedJson[key] !== "string") {
                    allStrings = false;
                    break;
                  }
                }

                if (!allStrings) {
                  req_body_str = "";
                }
              } catch (e) {
                req_body_str = "";
              }
            }

            var path =
              context.get("api.org.name") + "/" +
              context.get("api.catalog.path") + "/" +
              context.get("request.path") +
              context.get("request.search");
            var verb = context.get("request.verb");
            var host = context.get("api.endpoint.hostname");
            var status = context.get("message.status.code");
            var client_addr = context.get("session.clientAddress");
            var http_version = "HTTP/" + (context.get("request.version") || "1.1");

            var start_time = context.get("start_time");

            context.message.body.readAsBuffer(function (error, buffer) {
              var res_body = "";
              if (!error && buffer != null && buffer.length > 0) {
                try {
                  res_body = buffer.toString("utf-8");
                } catch (e) {
                  res_body = "";
                }
                context.message.body.write(buffer);
              }

              var sendData = {
                batchData: [
                  {
                    path: path,
                    requestHeaders: JSON.stringify(request_headers),
                    responseHeaders: JSON.stringify(response_headers),
                    method: verb,
                    requestPayload: req_body_str,
                    responsePayload: res_body,
                    ip: client_addr || "0.0.0.0",
                    time: "" + Math.floor(start_time / 1000),
                    statusCode: "" + status,
                    type: "HTTP/" + http_version,
                    status: "" + friendlyHttpStatus[(status + "")],
                    akto_account_id: "1000000",
                    akto_vxlan_id: "0",
                    is_pending: "false",
                    source: "MIRRORING"
                  }
                ]
              };

              var request_final = {
                target: "https://"+<data-ingestion-service-ip>+"/api/ingestData",
                method: "POST",
                headers: {
                  "content-type": "application/json",
                },
                timeout: 5,
                data: JSON.stringify(sendData),
              };

              urlopen.open(request_final, function (error, response) {
                if (error) {
                  console.error(
                    "error: " + error + " info: connection failed trying to secure backup"
                  );
                  return;
                }
              });
            });
          }

These files define global prehook and posthook behavior using GatewayScript.

2.2 Run the Setup Script

We provide a shell script to automatically upload and configure these global policies.

Script: setup-akto-gateway-hooks.sh

#!/bin/bash

server="your_server_here"
org="your_org_here"
gateway="your_gateway_here"
data_ingestion_service_ip="your_data-ingestion-service-ip_here"
catalog="your_catalog_here"

echo $data_ingestion_service_ip 
sed -i '' "s|data-ingestion-service-ip|${data_ingestion_service_ip}|g" global-post.yaml

apic global-policies:create --catalog $catalog --configured-gateway-service $gateway --org $org --server $server --scope catalog global-pre.yaml > temp
preurl=$(cut -d " " -f 4 temp)
echo -e "global_policy_url: >-\n  $preurl" > GlobalPolicy.yaml
apic global-policy-prehooks:create --catalog $catalog --configured-gateway-service $gateway --org $org --server $server --scope catalog GlobalPolicy.yaml

apic global-policies:create --catalog $catalog --configured-gateway-service $gateway --org $org --server $server --scope catalog global-post.yaml > temp
posturl=$(cut -d " " -f 4 temp)
echo -e "global_policy_url: >-\n  $posturl" > GlobalPolicy.yaml
apic global-policy-posthooks:create --catalog $catalog --configured-gateway-service $gateway --org $org --server $server --scope catalog GlobalPolicy.yaml

2.3 Modify the Script

Update the following variables in the script:

server="https://<your-apic-server>"
org="<your-org-name>"
gateway="<your-configured-gateway-service-name>"
data_ingestion_service_ip="<your-data-ingestion-service-ip (Step 1)>"
catalog="<your-catalog-name>"

2.4 Execute the Script

Make the script executable and run it:

chmod +x setup-akto-gateway-hooks.sh
./setup-akto-gateway-hooks.sh

This will upload and register both prehook and posthook global policies with your IBM API Connect Gateway.


Step 3: Confirm Traffic is Flowing to Akto

After setup:

  • Make a few API calls from your applications.

  • Go to the API Collections in Akto dashboard.

  • You should begin seeing real-time API traffic, including headers, payloads, status codes, and timestamps.


Notes

  • Ensure that your gateway has outbound access to the Akto Data-Ingestion Service.

Log in to the .

Akto Dashboard