How to enable and query APM REST API?

Document ID : KB000045645
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

How to enable and query APM REST API? How to list the vertex

Answer:

1. Open the MOM_HOME/config/IntroscopeEnterpriseManager.properties:
Uncomment introscope.enterprisemanager.webserver.jetty.configurationFile=em-jetty-config.xml
enable REST API, set introscope.public.restapi.enabled=true

2. To test this feature we create a self signed certificate.
For this demonstration we are using APM 10.1, server name is APMW8X64R2SP2.ca.com

NOTE: From https://docops.ca.com/ca-apm/10-2/en/integrating/api-reference-guide/apm-rest-api
“You should only use certificates signed by a recognized Certificate Authority. Certificates that are not recognized can be rejected by your REST client and cause automated scripts to fail. Self-signed and invalid certificates compromise security and should never be used in production. Self-signed certificates can be used for test purposes in a controlled environment.”

a) generate a new key for host "APMW8X64R2SP2.ca.com" with alias "jettyssl"
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool" -genkey -keyalg RSA -alias jettyssl -keystore keystore -storepass password -keypass password -validity 7300 -dname "CN=APMW8X64R2SP2.ca.com"
 
b) generate a self-signed certificate for existing key with alias "jettyssl"
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool" -selfcert -alias jettyssl -keystore keystore -storepass password -validity 7300

c) export certificate from EM keystore
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool"  -export -alias jettyssl -keystore keystore -storepass password -file jettyssl.crt

d) import the certificate into keystore in JRE (so it can be used by client without any additional configuration)
"C:\Program Files\CA APM\Introscope10.1.0.15\jre\bin\keytool" -importcert -keystore "C:\Program Files\CA APM\Introscope10.1.0.15\jre\lib\security\cacerts" -alias jettyssl -file "C:\Program Files\CA APM\Introscope10.1.0.15\config\internal\server\jettyssl.crt" -storepass changeit

Below the output of the above commands:

p1.png
Verify if the new cert has been added
 p2.png

3. Add a new connection section to the em-jetty-config.xml that will use the new self signed certificate.

NOTE: For REST calls you need a proper certificate, you cannot use the default “wily” cert.

An example on how to add a section for the Self-signed certificate is available from the doc: https://docops.ca.com/ca-apm/10-2/en/integrating/api-reference-guide/apm-rest-api

p3.png 
Restart the EM

4. Import the new certificate into the client (browser):

Connect to webserver port, you will get the privacy error
p4.png 
Click the lock icon, click details, then click View Certificate
 p5.png
Click details, save to file (to export it) and save it locally to the client pc, you can accept the default values.
 p6.png
Go to Chrome settings, enter “ssl” in the search box, then click Manage certificates, click Trusted Root Certification Authorities”, import the certificate we created in previous step.

5. Restart Chrome and verify access to the browser, you should not see any exception again, the new certificate should be in use now.

 p7.png

6. start webview using default port 8080, however you will get some permissions issues, to workaround this issue you need enable SSL for Webview.

 p8.png
For details, see http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1078428.aspx

To workaround the issue open webview-jetty-config.xml, uncomment the line for the jetty config file to enable SSL.

p9.png
 
Restart webview and connect again. You should not see any error

p10.png 

7. Create a key token that is required for the REST calls

For details see: https://docops.ca.com/ca-apm/10-2/en/integrating/api-reference-guide/apm-rest-api

From the Admin, select Generate API Token
 p11.png
Take a note of the key #
 p12.png

8. Perform a REST Call using Postman as a REST Client
https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en

Use the token generated in previous step to call any REST method by sending it as an HTTP header 
You must follow the syntax as documented in https://docops.ca.com/ca-apm/10-2/en/integrating/api-reference-guide/apm-hypermedia-api/api-authentication-and-authorization

In postman:
a) Add a new header:
Authorization: Bearer 28085e41-fc80-490b-9807-7a5dae607d8b

b) Enter the url to list the vertex:
    https://APMW8X64R2SP2.ca.com:8443/apm/appmap/vertext

c) Click send button.
 p13.png
Below is the output:
 p14.png