API portal for VMware Tanzu supports deployments in both Kubernetes and Tanzu Application Service (TAS). This guide covers the specifics for TAS.

For any change in the API portal configuration, the application must be restarted.

cf restart APP_NAME

Modifying OpenAPI Source URL Locations

API portal for VMware Tanzu displays API Groups and detailed documentation from OpenAPI source URL locations in JSON format. To modify the OpenAPI source URL locations, edit application's environment variable API_PORTAL_SOURCE_URLS.

cf set-env APP_NAME API_PORTAL_SOURCE_URLS "https://petstore.swagger.io/v2/swagger.json, https://petstore3.swagger.io/api/v3/openapi.json"

Configure OpenAPI Source URLs Cache Time-to-live and Request Timeout

To improve performance and reduce traffic, API portal caches OpenAPI descriptors locally. The following options are available:

Environment Variable Key Description Default value
API_PORTAL_SOURCE_URLS_CACHE_TTL_SEC Time after which they will be refreshed (in seconds) 300 sec
API_PORTAL_SOURCE_URLS_TIMEOUT_SEC Timeout for remote OpenAPI retrieval (in seconds) 10 sec

For example, to modify the cache ttl to 2 minutes, and timeout to 1 minutes, you may run the following command:

cf set-env api-portal API_PORTAL_SOURCE_URLS_CACHE_TTL_SEC=120
cf set-env api-portal API_PORTAL_SOURCE_URLS_TIMEOUT_SEC=60

Configure Single Sign-On (SSO)

To enable SSO in TAS, bind the API portal application with a Single Sign‑On for VMware Tanzu service instance.

cf bind-service APP_NAME SSO_SERVICE_INSTANCE_NAME

Then, restart the application with cf restart APP_NAME.

Spring Cloud Gateway CORS Configuration and Self-signed Cert Configuration

In order for API portal for VMware Tanzu to support trying out APIs in the web browser, the OpenAPI locations provided in API_PORTAL_SOURCE_URLS must allow CORS access from the API portal URL. In the case of Spring Cloud Gateway, their CORS configuration must be configured to allow this access. Please review the documentation for CORS configuration for the Spring Cloud Gateway product you are using:

In case the OpenAPI server url uses self-signed certs, you might need to do the following steps for your system to trust the cert and use some features on API portal.

In MacOS:

  1. Open the server URL in a new Safari tab
  2. In the dialogue, click "Visit site anyway" and enter password
  3. The self-signed cert will now be imported into Safari and try it out works
check-circle-line exclamation-circle-line close-line
Scroll to top icon