| Info |
|---|
The Connexion api service should not be exposed to the public internet. |
The gateway Connexion service includes an API which allows you to programmatically provision remote agents (and channels, packages, etc.)modify the Connexion configuration. This API is subject to change as Connexion functionality is updated.
To enable the gateway Connexion api service, run the Gateway configuration wizard and enable check the 'Enable the Connexion API' checkbox. Optionally change the API port (cannot be the same port as other gateway Connexion services):
...
In order to provide authentication (and TLS traffic encryption), each client which will access this API must provide a certificate. This certificate must be installed within the “Trusted People” folder of the gateway Connexion host machine.
The recommended approach is to create a unique self-signed certificate for each distinct API client. See https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate for information on creating self-signed certificates in Windows. We recommend setting the subject name of the certificate to a value which can identify the consumer (user name, machine name, etc.).
...
Export this certificate to a file using the default export settings (do not include the private key). Copy this file over to the gateway Connexion host and install it into the “Trusted People” store of the Local Computer. This can be achieved by right clicking the certificate file (on the gateway Connexion host) and choosing the “install certificate” option.
...
Deleting an API client certificate from this store will revoke access to the gateway Connexion API.
Next, reference the C# client library (Connexion.Gateway.Api.dll, both framework and core assemblies are available) and create a proxy to the gateway. You will need the System.ServiceModel.Primitives and System.ServiceModel.Http packages if you’re targeting .NET core.
...