The API Gateway limits access to the Dynatrace APIs. Enterprise Solutions Architecture (ESA) developed this to let you define specific constraints and permissions for specific audiences and use request tokens to enforce those limits.

This is intended for users, who:

• Want to monitor usage of the Dynatrace APIs.
• Want to constrain who can use which APIs and how much.
• Want to take control over the creation of Dynatrace API tokens.

This enables you to:

• Curate all access to the Dynatrace APIs.
• Allocate specific API capacity to individual teams.
• Analyze consumption of individual areas of the API surface.

Compatibility Requirements The API Gateway runs under the Dynatrace Solution Server.

Deploy with the Dynatrace Solution Server by ESA.

If you have not yet installed the Solution Server, [install that first](https://www.dynatrace.com/hub/detail/dynatrace-solution-server-by-esa/) and then continue with the steps below.

Once you have the Dynatrace Solution Server by ESA running on the targeted host, do the following:

1. Copy the download link on this tile (right-click the Download button, copy link).
2. Navigate to https://your-solution-server.corp.com. Click on the ‘+’ tile, paste the link into the wizard, and click Install. Follow the on-screen instructions.
3. The Dynatrace Solution Server home page will now show a tile for the API Gateway.
4. You can modify your configuration at any time via the Settings button on the tile. Documentation and health status can be accessed from the tile as well.

Deploy as a stand-alone application

1. Download the solution to your local system using the Download button.
2. Extract the ZIP file to a folder of your choice on the targeted host.
3. Install NodeJS 16+ and PM2.
4. Edit the various configuration files using a text editor using the instructions on the ESA Documentation Hub.
5. Start the API Gateway by running pm2 start ecosystem.config.js.

Deploy in Kubernetes as a container (Coming soon)

• Access is controlled by tokens
  • Dynatrace token creation should be locked down.
  • API Gateway Access tokens to be created by an administrator.
  • Assigned to specific consumer(s) or audience(s).
  • Expire at specific dates.
• A token grants limited access
  • Specific client IPs, IP ranges or IP patterns.
  • A specific tenant/environment.
  • Specific APIs, methods, parameters and values.
  • Maximum request volumes (per minute, hour, and day).
• All API access goes via the API Gateway
  • Instead of https://mytenant.live.dynatrace.com/api/v2/entities,

consumers use https://apigateway.corp.com/api/v2/entities - Requests need to carry the token in the Authorization header.