digiRunner is a mission-critical, flexible, lightweight, and blazing-fast Open Source solution that helps your organization control who, when, and how users access your APIs. As an API Management solution, it enables you to effortlessly manage the lifecycle of your APIs. Download digiRunner to document, discover, and publish your APIs.

digiRunner is particularly important in microservices architectures, which often consist of multiple backend services, each providing specific functionality. It can abstract these backend services into a single API endpoint, making it easier for clients to access and use.

Key Features

• Intelligent Routing: Efficiently directs API requests to the appropriate backend service based on request parameters, ensuring optimized performance.

• Comprehensive Security: Protects your APIs with multi-layered authentication and authorization mechanisms to safeguard against threats.

• Real-time Monitoring: Tracks API performance with detailed metrics for proactive issue detection and quick resolution.

• Traffic Management: Maintains system stability by controlling the frequency of API access and setting usage quotas.

Benefits

• Streamlined Frontend Development: Simplifies development by providing a unified API entry point, reducing complexity for frontend developers.

• Improved System Stability: Increases reliability with advanced traffic control mechanisms and comprehensive error handling.

• Enhanced Security: Protects your system with robust, multi-level security measures to mitigate potential risks.

• Efficient Microservices Management: Facilitates unified governance of microservices through centralized API management.

Common Use Cases

• API Consolidation: Unify multiple backend services into a single, accessible API to streamline system interactions.

• Access Control: Implement robust security measures to prevent unauthorized API access and ensure data integrity.

• Usage Insights: Gain in-depth visibility into API usage patterns with comprehensive monitoring data.

• Rate Limiting: Prevent system overload by enforcing rate limits, ensuring consistent performance and stability.

• Data Transformation: Transform API outputs into various formats (e.g., JSON, XML) to support diverse client requirements.

For easy access to digiRunner API Management Platform, please refer to the following section:

Deployment Concept

• Container: an environment such as Docker, Podman, K8s, OCP

• Router: a concept for LB, such as Nginx, F5, Ingress

• Gateway: digiRunner Gateway, including Admin Console.

• Gateway(Master): a concept of zookeeper for all gateway(Slave)

Components

Software/Hardware Spec.

Software

• OS: RHEL 8.x or above

• Java: JDK 17 or above

• Container

  • docker 19.03 or above

  • podman 3.2.3 or above

• DB support

  • MariaDB 10.6.x

  • MSSQL 2017 or above

  • Oracle 11g or above

  • PostgreSQL 9.6 or above

  • H2DB(default)

Hardware

In API Management, API Group, API Scope, and API Client are commonly used concepts for managing API access control, organizational structure, and user authorization. Below are detailed explanations and use cases:

Path: API Management > API List

All APIs on the system will be placed in the API list; API related information will be displayed here, and APIs can also be tested here. Whether to enable registered or designed APIs is also set here.

Import APIs

In this section, you can find instructions on how to import registered/combined APIs.

1. JSON files can be uploaded; after selecting the file, click Upload.

1. Uploaded API will be displayed in the table below; however, no APIs were uploaded to the system yet at this time. First, select the APIs to import, and click Import.

Search APIs

1. Search: Enter the keyword and click Search to search for desired APIs.

1. Search By label: The Search By label feature is independent, and will not be affected by the basic keyword search or API sources.

• Enter the keyword, click Search By label, and the Label List will pop up.

• Check the desired label, and click Confirm. The APIs match the label will be displayed.

View APIs

Update APIs

1. If the source is an API combination, upon accessing the update page, you will see the Open Composer button.

1. Click Open Composer to access the API Composer page.

2. Modify the desired fields, and click Update to save and exit.

1. Fill in the data or make selections as instructed below. The fields marked with “*” are required.

• [Module ID] API Module*: The API number and name cannot be changed.

• API Cache*: Options include None / Auto / Fixed. If enabled, the number of calls made to endpoints can be reduced, and API request delays can be improved.

• API ID*: ID of the API; cannot be changed.

• API Name*: Able to rename the API

• Fixed Cache Time(Minute)*: The duration for which data is retained in the cache. This field is only applicable when the API Cache is set to Fixed. If the fixed time is set to 0, the value from FIXED_CACHE_TIME will be fetched; otherwise, the value specified in the fixed cache time will be used. FIXED_CACHE_TIME can be configured in Setting > FIXED_CACHE_TIME.

• API status*: Enables or disables API operations.

• JWT Settings: Set whether to use JWE or JWS encryption for Request / Response.

• Http Methods*: Set the Http Methods of this API.

• Data Format: Specifies the format of this API (SOAP / JSON / XML).

• Target URL*: For registered APIs only, if the source URL has been changed, the new URL can be specified here.

  • Check Source IP Diversion to configure the source IP for more effective management and control of network traffic. For registered APIs, only No Auth is available, while combination APIs can select either Path Parameter or No Auth.

  • Path Parameter: Upon checking, carries over the URL Path parameter data when calling APIs.

  • No Auth: Upon checking, allows calling the API without OAuth authentication, commonly used for Public APIs.

• API Log Header Mask: Specifies masking for the Header field, applicable only to registered APIs. For example, if the value is Hello, with a character count of 1 and masking character #, the following will be displayed:

  • Policy 0: No masking, displays Hello.

  • Policy 1: Retains the first and last character, displays H###o.

  • Policy 2: Retains the first character, displays H####.

  • Policy 3: Retains the last character, displays ####o.

• API Log Body Mask Policy: Specifies different masking strategies for keywords in the Body content, applicable only to registered APIs.

  • For example, if the original text, "name":"test","id":"1", with a character count of 2, masking character #, and keyword name, the following will be displayed:

    • Policy 0: No masking, displays "name":"test","id":"1".

    • Policy 1: Masks the first and last 2 characters, displays "#name##"test","id":"1".

    • Policy 2: Masks the first 2 characters, displays "#name":"test","id":"1".

    • Policy 3: Masks the last 2 characters, displays "#name##"test","id":"1".

  • Policy 4 uses regular expressions for definition. For example, with a character count of 1 and a mask of #, and a regular expression of name\d, the following will be displayed:

    • "name1":"test","id":"1" will display as "name1#:"test","id":"1".

    • "name2":"test","id":"1" will display as "name2#:"test","id":"1".

    • "name-3":"test","id":"1" will display as "name-3:"test","id":"1".

• Fail Discovery Policy*: Specifies the action to take when an API connection fails. The system default is set to When the connection fails or the HTTP status code is 4xx (client error) or 5xx (server error).

• Fail Handle Policy*: Specifies how the system handles API connection failures. Choose between No retries or When calling the target URL fails, automatically retry the next target URL.

• Description: Other descriptions of the API.

• Label: Up to five labels can be used. Labels with capitalized characters will automatically be switched to lower case, and each label can be no more than 20 characters long.

Test APIs

1. Select the Authorization test method, for example: Client Credentials means the test can only be clicked after entering the client account and password. Confirm the digiRunner URL and Http Methods fields, then click Test to test whether this API can be used.

1. If the result is Status 201 and there were data in Headers and Body, it means that this API is normal and can be used.

Enable/Disable APIs

Delete APIs

1. Search for the API to delete, and click Delete to proceed.

1. A warning prompt displaying the message “Confirm Delete?” will pop up. Click Confirm to delete this API and exit.

JWT Settings

Whether to use JWT (signature) or JWE (encryption) for Request and Response. The system can perform JWT encryption (including JWE & JWS) to APIs.

• JWT: JWT and JWS (body) will be called when the API is called.

• JWS: Refers to signed JWT.

• JWE: Refers to JWT with encrypted payloads.

Export APIs

1. To export registered and combined APIs, search for the API to export, and click Export to proceed.

1. A warning prompt displaying the message “Confirm Export?” will pop up. Click Confirm to download the json file.

Swagger

Common HTTP API Call Structure

In this structure, the user accesses various services directly via the browser using HTTP or HTTPS protocols. Each service is exposed directly to the browser, meaning any changes to the API paths or services require modifications on the client side.

Without a centralized API management tool, limiting and monitoring client traffic becomes challenging, potentially leading to service overload. Additionally, since APIs are exposed without a centralized gateway or proxy to manage access, the risk of security vulnerabilities increases, including threats like DDoS attacks or unauthorized access.

APIM HTTP API Call Structure

Unlike the previous structure, this setup introduces an API Management layer (APIM), represented by digiRunner, which acts as a proxy between the browser and the backend services. This approach abstracts the direct connection between the browser and the services, providing centralized control and easier API management.

When backend APIs change, only the gateway (APIM) requires adjustment, eliminating the need for changes on the client side and improving flexibility. Furthermore, the API management layer functions as a firewall, offering security features such as authentication, authorization, and rate-limiting, which help prevent unauthorized access and protect against malicious attacks.

Since all API requests are routed through the APIM, it allows for unified traffic management, setting request limits and priorities, preventing individual services from being overloaded. When new services or features need to be added, routing or services can be configured within the APIM without altering the client logic, making scaling significantly more convenient.

Definition

API Scope is a configuration for defining the range of permissions or access levels that users or applications have when using APIs. Often integrated with OAuth 2.0, it restricts client access to specific resources or functions.

Advantages

• Fine-grained Control: Restricts users to specific resources or operations.

• Enhanced Security: Reduces the risk of unauthorized users operating on sensitive data or functions.

• Simplified Authorization Logic: Manages authorization needs using labels, reducing code complexity.

Use Cases

• Restricting Functions: Example: A "read-only" scope allows clients to only read resources, while a "read-write" scope allows modifications.

• Resource-based Authorization: Example: A client may access /user/profile but not /user/settings.

• Dynamic Authorization: Allows API authorization to be determined dynamically based on Scope, suitable for scenarios requiring temporary expansion or reduction of permissions.

Standard Operating Process

1. Design the Scope Structure:

   • Design Scope labels based on resources and operations, such as read, write, admin.

   • Map Scope labels to API functions (e.g., /users resource mapped to read-users, write-users).

2. Define Scope Rules:

   • Specify which Scopes correspond to which API operations.

   • Establish inheritance or hierarchy logic for Scopes (e.g., admin includes read and write permissions).

3. Authorize and Verify:

   • Issue Tokens containing Scopes when a client requests access.

   • Validate the requested Scope through the API Gateway or backend.

4. Runtime Control:

   • When APIs are invoked, check if the request Token contains the matching Scope.

   • Execute requests or return a rejection response based on the Scope configuration.

Definition

An API Client refers to the application or service invoking the APIs. The identity of the API Client must be registered and authenticated in the API management system. Each API Client is assigned a unique identifier (e.g., Client ID and API Key) for access control and monitoring.

Advantages

• Authentication and Tracking: Each API Client has a unique identifier, allowing precise tracking of usage and authorization.

• Custom Configuration: Enables setting exclusive quotas, rate-limits, or permission strategies for different API Clients.

• Enhanced Security: Access is controlled via API Client authorization mechanisms (e.g., API Key or OAuth Token).

Use Cases

• Application Separation: Internal and external applications are treated as different API Clients with distinct security strategies.

• Third-party Integration: Provides a registration process for third-party developers, allowing their applications to become API Clients and access APIs.

• Multi-layer Tracking: Assigns a unique API Key to each application to precisely track traffic sources and usage.

Standard Operating Process

1. Register the API Client:

   • Clients register with the API Management system, providing application names and descriptions.

   • The system assigns a unique Client ID and secret (e.g., API Key or Client Secret).

2. Authorize and Configure:

   • Assign Scopes and quotas (e.g., number of requests per second).

   • Configure specific security strategies (e.g., IP restrictions or JWT Token validation).

3. Authentication and Requesting:

   • Clients use API Key or Token to send requests to the APIs.

   • The API Gateway validates the identity and checks authorization Scopes.

4. Traffic Monitoring and Management:

   • Monitor API Client traffic data, error rates, and performance.

   • Dynamically adjust rate-limiting strategies or revoke authorization if needed.

API Infrastructure Modernization

Cloud-Native API Gateway

Gateway Mocking

digiRunner Ingress Controller

Admin Manager GUI

Traffic Management and Transformations

Basic Traffic Control

Advanced Rate Limiting

Advanced Caching

Security and Governance

Advanced Authentication

Role-Based Access Control

The digiRunner platform provides robust integration capabilities, enabling it to function as a proxy or router for API requests. This integration architecture allows seamless connections between API consumers (such as applications and web clients) and backend servers, as well as core systems. The architecture supports secure data transfer, access control, and load balancing, offering flexible options for data formats and protocols.

dAAP: digiRunner as a Proxy (Client to Server)

In this mode, digiRunner acts as a proxy for API consumers, such as web or mobile applications, to connect to backend services securely.

Process

• Register Target APIs: The backend server APIs are registered on digiRunner to make them accessible to the applications.

• Client Account Creation: Set up a client account on digiRunner to represent applications that will be consuming these APIs.

• API Grouping: Organize registered APIs into API groups to streamline management and authorization.

• Authorization: The API groups are authorized for the client accounts, allowing specific applications or API consumers to access designated APIs on the backend server.

Flow

• API consumers (web or mobile apps) initiate requests with tokens, which pass through the firewall to the API Gateway in digiRunner.

• The API Gateway processes and routes these requests to the correct backend APIs, as per the defined API group and client permissions.

dAAR: digiRunner as a Router (Server to Server)

In this mode, digiRunner acts as a router, facilitating secure communication between servers, including communication with core systems using various protocols.

Process

• Server-to-Server API Communication: The platform enables direct server-to-server API requests, providing an API key for secure access.

• Protocol Support: digiRunner supports multiple protocols (e.g., HTTP, SOAP, MQ) for compatibility with diverse core systems and legacy environments.

Flow

• API requests from the client (API consumer) are forwarded through digiRunner to different core system hosts.

• Depending on the host and data requirements, the requests are routed with the appropriate protocol (e.g., JSON over HTTP, XML over SOAP, or Telex over MQ).

Integration with Core Systems

The API Gateway securely routes data across different systems, ensuring data reaches the correct endpoint in a compatible format.

dAAPR: digiRunner as Both Proxy & Router (Client to Server, Server to Server)

In the dAAPR configuration, digiRunner can simultaneously serve as both a proxy and a router, allowing it to handle a variety of integration patterns between clients, servers, and core systems.

Process

• Client to Server: As a proxy, digiRunner manages token-based API requests from applications and routes them to the appropriate backend API.

• Server to Server: As a router, digiRunner manages API key-based communication between servers and core systems, supporting multiple protocols for interoperability.

Flow

• API requests with tokens are processed by the API Gateway for client-to-server interactions, while API key-based requests manage server-to-server interactions.

• Requests can be routed to different hosts based on protocol requirements, facilitating flexible data exchange across various systems.

Use Case

This dual configuration is ideal for environments requiring both client-server and server-server data communication, offering comprehensive integration capabilities.

Definition

API Group is used to logically or functionally group APIs to improve management efficiency and support batch operations and strategy application for APIs. Grouping is typically based on functionality, user needs, version control, or deployment environments.

Advantages

• Unified Management: Grouping similar or related APIs allows for bulk configuration (e.g., permissions or rate-limiting strategies).

• Improved Visibility: Clearly delineates API functional domains, helping teams understand system architecture.

• Simplified Version Control: Each API Group can have independent version management strategies.

Use Cases

• Grouping by Function: Examples: "User Management API," "Order Management API," "Payment API."

• Grouping by Business Line: Examples: "Retail Business API Group," "Financial Business API Group."

• Grouping by Deployment Environment: Examples: "Development Environment API," "Testing Environment API," "Production Environment API."

Standard Operating Process

1. Plan the Grouping:

   • Analyze the usage scenarios, functional logic, and business requirements of the APIs.

   • Determine grouping criteria, such as functionality, business domain, or environment.

2. Configure API Group:

   • Create an API Group in the API Management platform.

   • Add related APIs to the corresponding group.

3. Apply Global Strategies:

   • Set group-level security policies (e.g., authentication, IP whitelisting).

   • Configure rate-limiting policies (e.g., API access quotas).

4. Manage and Monitor:

   • Continuously monitor the traffic, performance, and error rates of the API Group.

   • Dynamically adjust the group as needed, such as adding or removing APIs.

• API Group:

  • "Product Management API" (list products, add products)

  • "Order Management API" (create orders, cancel orders)

  • "User Management API" (register, login, view user data)

• API Scope:

  • Scope for Client A: read-products, create-order

  • Scope for Client B: read-products, read-order

  • Scope for Administrator: admin-access (full access)

• API Client:

  • Client A: API Client for the frontend customer shopping application.

  • Client B: API Client for the backend operation management application.

  • Client C: Partner application (access restricted to specific resources).

By combining API Group, API Scope, and API Client, the platform can flexibly meet diverse business needs while ensuring system security and efficient management.

• Requirement Analysis and Design:

  • Divide APIs into logical or functional API Groups.

  • Design API Scopes to determine access permissions for each resource and operation.

  • Identify the API Clients to support (e.g., internal or third-party applications).

• Configuration and Authorization:

  • Configure API Groups and Scopes in the platform, applying security strategies.

  • Set access permissions and quotas for API Clients.

• Runtime Control:

  • The API Gateway validates the client identity (e.g., API Key or OAuth Token).

  • Requests are executed or denied based on the Scope and Group configurations.

• Monitoring and Optimization:

  • Continuously monitor usage for each API Group and Client.

  • Adjust Scopes or strategies as needed to respond to business changes.

  • Periodically optimize API performance and security.

Explore the scenarios digiRunner applied in the financial industry:

Context and Objectives

In an era of digital transformation, a leading financial services provider faced the critical challenge of modernizing its operations. With an ambitious mission to streamline data migration and strengthen API management, the company sought to overcome legacy inefficiencies while ensuring secure and seamless service delivery. Their objectives were to:

1. Ensure Seamless Data Migration: Transition critical banking data from legacy systems to modern platforms without service interruptions.

2. Modernize API Management: Implement an efficient, centralized framework for managing APIs across various operations.

3. Enhance Security and Compliance: Safeguard sensitive customer data while adhering to regulatory requirements like GDPR and PCI DSS.

4. Enable Scalability and Operational Efficiency: Support increasing transaction volumes with a scalable and robust infrastructure.

Challenges in Data Migration

Legacy Systems Complexity

• Legacy systems, such as AS400, posed integration challenges with modern cloud platforms.

• Data inconsistencies increased the risk of errors during migration.

Operational Downtime Risks

Ensuring uninterrupted service during data migration was critical to maintaining customer trust and SLA compliance.

Data Security Concerns

Securing sensitive data transfers during migration required advanced encryption and stringent access controls.

Scalability and Monitoring Gaps

Handling high traffic volumes during migration lacked robust monitoring tools and adaptive scaling capabilities.

Solutions Provided by digiRunner

Centralized API Gateway

• Unified Traffic Management: Streamlines API communication between legacy and modern platforms, ensuring smooth data flow.

• Protocol Translation: Enables seamless integration of diverse protocols, such as REST and SOAP, to efficiently connect legacy and modern systems.

• Dynamic Load Balancing: Distributes API traffic to optimize performance during peak demands, particularly during migration surges.

Secure Data Transfer with TLS Encryption

• End-to-End Encryption: Protects data during transmission and storage, ensuring compliance with financial security standards.

• Advanced Authentication: Uses OAuth 2.0 and OpenID Connect for secure, role-based API access.

Real-Time Monitoring and Alerts

• Comprehensive Dashboards: Provides real-time insights into API performance and migration status, allowing for proactive issue resolution.

• Custom Alerting System: Flags anomalies, such as unexpected API traffic spikes, to maintain operational stability.

Granular Access Management

• Role-Based Permissions: Controls API access to specific personnel, ensuring secure data handling during migration.

• Audit Trails: Maintains detailed logs of all API interactions to support regulatory compliance and forensic analysis.

Zero-Downtime Deployment

• Red/Black Deployment Strategy: Enables seamless updates to API systems, ensuring uninterrupted services during migration.

Comprehensive Data Validation

• Integrity Checks: Verifies data consistency throughout migration to avoid corruption and errors.

• Pre-Migration Simulations: Identifies potential risks by testing scenarios before live migrations.

API Service Scaling

• Elastic Infrastructure: Adapts dynamically to handle varying workloads during migration without compromising performance.

• Performance Optimization: Minimizes latency and enhances throughput for real-time API requests.

Impact of digiRunner Implementation

Streamlined Data Migration

Critical banking data migrated securely and efficiently, avoiding service disruptions.

Unified API Ecosystem

Centralized API management improved integration between legacy and modern platforms.

Enhanced Security Posture

Advanced encryption and access controls safeguarded sensitive customer data and ensured compliance.

Scalability and Resilience

The system efficiently managed peak migration traffic while maintaining continuous service availability.

Operational Excellence

Real-time monitoring empowered IT teams to proactively manage migrations, minimizing downtime risks.

Conclusion

By leveraging digiRunner’s comprehensive API management platform, the financial services provider achieved its objectives, enabling secure, scalable operations and positioning itself for innovation in the rapidly evolving financial sector.

Data Stores

digiRunner support multiple data stores during normal operation. The following stores have been tested by digiRunner:

• MariaDB 10.6.x

• MSSQL 2017 or above

• Oracle 11g or above

• PostgreSQL 9.6 or above

• H2DB(default)

Identity Providers

digiRunner is expected to work with third party identity providers (IDP) when using the OpenID Connect (OIDC) :

• OAuth 2.0 IdP

• LDAP IdP

• MLDAP IdP

• API IdP

Browser Support

digiRunner supports the latest stable versions of the “chromium” desktop browsers.

Explore the scenarios digiRunner applied in the manufacturing industry:

Context and Objectives

A leading financial services provider sought to address a fragmented API infrastructure and ensure compliance with relevant regulations. Their objectives were to:

1. Unify API Management: Integrate APIs across platforms for streamlined workflows and seamless interactions between banking systems and third-party providers.

2. Ensure Security and Compliance: Strengthen security mechanisms to meet strict financial regulations such as PCI DSS and GDPR.

3. Accelerate Innovation: Reduce time-to-market for new services by optimizing API development and management.

4. Optimize Operations: Implement robust tools for API monitoring, governance, and traffic management to improve operational efficiency.

Challenges

Fragmented API Ecosystem

APIs scattered across multiple platforms hindered integration and consistent performance.

Compliance and Security Risks

Weak security protocols posed vulnerabilities in sensitive data handling and regulatory compliance.

Slow Deployments

Lengthy API deployment cycles hampered the rollout of new services.

Operational Inefficiencies

Lack of unified monitoring and governance tools increased workload and costs.

Solutions Provided by digiRunner

Centralized API Gateway

• Acts as a single entry point for all API requests, unifying traffic routing and balancing loads dynamically.

• Endpoint Management: Simplifies endpoint discovery and reduces duplication by consolidating APIs under a centralized directory.

• Traffic Throttling and Rate Limiting: Ensures stable system performance by limiting excessive traffic from individual users or applications.

Enhanced Security Architecture

• OAuth 2.0 and OpenID Connect: Implements advanced authentication and authorization to secure sensitive transactions.

• Token Management: Automates access token generation and validation for secure API communication.

• Audit Trails: Maintains detailed logs of API interactions for compliance audits and investigations.

Real-Time Monitoring and Alerts

• API Analytics Dashboards: Provides real-time insights into API traffic patterns, user behavior, and system health.

• Error Tracking: Identifies and reports API performance issues, minimizing downtime and improving reliability.

• Alert Mechanisms: Sends automated alerts for anomalies or unauthorized access attempts, enabling immediate response.

Policy Management and Governance

• Global Policy Enforcement: Applies universal policies for security, access control, and traffic quotas across all APIs.

• Version Management: Ensures smooth updates and backward compatibility for APIs, minimizing disruption for developers and consumers.

• Role-Based Access Control (RBAC): Employs role-based permissions, ensuring users only access authorized endpoints.

Scalable Infrastructure

• Dynamic Scaling: Automatically adjusts system capacity based on API demand, maintaining performance during peak usage.

• Red/Black Deployment: Facilitates zero-downtime API updates by deploying new versions alongside existing ones, enabling seamless rollouts.

Transformative Impact

Seamless API Ecosystem

Consolidated fragmented APIs into an integrated system, improving connectivity with external partners.

Enhanced Security and Compliance

Strengthened compliance with regulations through robust security protocols, encrypted communications, and audit-ready logs.

Faster Service Delivery

Significantly reduced deployment times, accelerating market launches for financial products.

Optimized Governance

Centralized management tools streamlined workflows, minimized errors, and reduced operational overhead.

Customer-Centric Innovation

Improved API infrastructure supported dynamic, personalized services to enhance customer satisfaction and foster loyalty.

Conclusion

By adopting digiRunner's comprehensive API management platform, the financial institution achieved its digital transformation goals, enabling a secure, scalable, and future-proof digital ecosystem. This strategic upgrade positions them to lead in an ever-evolving financial landscape.

Explore the scenarios digiRunner applied in the medical industry:

In the rapidly evolving high-tech manufacturing sector, a leading global electronics manufacturer faced challenges integrating fragmented systems, streamlining workflows, and scaling operations efficiently. By adopting digiRunner’s API management platform, they bridged the gaps between legacy systems, IoT devices, and ERP solutions to build a fully interconnected smart factory. digiRunner empowered them to achieve real-time data exchange, automated quality control, and optimized production at scale, delivering a competitive edge in the Industry 4.0 era.

Context and Objectives

High-tech manufacturers are advancing toward smart factory principles to achieve:

1. Streamlined Operations: Real-time monitoring and automation for increased efficiency.

2. Enhanced Interconnectivity: Seamless integration of IoT devices, ERP systems, and enterprise applications.

3. Quality and Scalability: Consistent product quality while accommodating growth.

4. Improved Collaboration: Strengthening supplier and customer relationships through digital platforms.

Key Challenges

Diverse Data Ecosystems

Heterogeneous data formats and systems impede integration.

Manual Processes

Reliance on manual workflows slows production and decision-making.

Inconsistent Quality Management

Lack of digital traceability hinders compliance and inspections.

Fragmented Operations

Disconnected platforms for suppliers, customers, and orders create inefficiencies.

Scalability Limitations

Legacy systems fail to handle increasing production demands effectively.

Solutions Powered by digiRunner

digiRunner delivers purpose-built solutions to address these challenges and meet manufacturing goals:

IoT-Driven Automation

• Integrates IoT devices to enable automated material handling, predictive maintenance, and unmanned operations.

• Provides real-time dashboards for monitoring device health, production progress, and issue resolution.

Advanced API Management

• Offers a multi-layered API gateway with role-based access controls to secure manufacturing processes.

• Groups APIs by function—such as production, logistics, and quality—for streamlined governance and usability.

• Supports traffic throttling, ensuring stability during high-demand periods.

Comprehensive ERP Integration

• Connects financial accounting, inventory tracking, and production scheduling in real time.

• Standardizes ERP interactions via API orchestration, enabling smooth, consistent data exchanges.

Supplier and Customer Integration

• Centralizes supplier management platforms with CRM systems to enable efficient order tracking and procurement.

• Provides APIs for virtual showrooms and customer portals, enhancing engagement and visibility.

Digital Quality Management

• Automates inspection workflows with traceable production histories to ensure compliance and quality.

• Utilizes analytics tools to identify quality trends and proactively implement predictive improvements.

Accelerating R&D

• Uses containerized microservices to streamline simulation testing and product development pipelines.

• Employs big data analytics for forecasting trends and accelerating innovation cycles.

Transformative Impact

Through digiRunner, manufacturers achieve:

Operational Optimization

Automation and streamlined APIs reduce downtime and improve efficiency.

Enhanced Quality Control

Digitized workflows ensure consistent standards and regulatory compliance.

Real-Time Insights

Predictive analytics and synchronized data improve decision-making.

Collaborative Innovation

Integrated platforms enhance relationships with partners and customers.

Future-Ready Scalability

digiRunner’s architecture supports growth and technological evolution.

Conclusion

digiRunner equips high-tech manufacturers to overcome operational inefficiencies, ensuring a seamless transition to smart factory models. By delivering specific solutions that enhance automation, connectivity, and quality, digiRunner empowers organizations to stay ahead in Industry 4.0, achieving innovation, efficiency, and scalability.

Context and Objectives

A leading healthcare provider aimed to address challenges arising from fragmented data systems, increasing demands for data security, and the need for compliance with stringent healthcare regulations. Their objectives were to:

• Unify Data Sharing: Enable seamless, interoperable communication between internal systems and external partners.

• Ensure Robust Security: Safeguard sensitive patient data and meet regulatory requirements such as HIPAA.

• Streamline Operations: Simplify external integrations and enhance the efficiency of healthcare services.

Challenges

Fragmented System Architecture

Patient records, billing, and other systems operated in silos, leading to inefficiencies and impeding data flow.

Regulatory Compliance and Data Protection

Meeting HIPAA standards while ensuring secure data sharing posed a significant challenge.

Complex Integration with External Partners

Integrating with insurance providers, telemedicine platforms, and other partners was time-consuming and inefficient due to inconsistent APIs.

Lack of Centralized API Oversight

Inefficient API management led to delays, redundancies, and a lack of visibility into performance and usage.

digiRunner's Solutions

Centralized API Ecosystem

• API Gateway: Served as a secure entry point, routing and balancing all API traffic for improved scalability and bottleneck prevention.

• Seamless Data Exchange: Unified disparate systems using standardized protocols like FHIR for consistent, real-time data sharing across platforms.

Enhanced Data Security

• End-to-End Encryption: Protected patient data in transit and at rest using robust encryption, ensuring compliance with healthcare regulations.

• Role-Based Access Control (RBAC): Restricted data access to authorized personnel only, minimizing security risks.

• Secure API Authentication: Used OAuth 2.0 and tokenized access for secure API interactions, eliminating risks associated with static credentials.

• Audit Logs and Compliance Reports: Tracked all API interactions for transparency and regulatory compliance, ensuring accountability.

Streamlined External Integrations

• API Orchestration: Facilitated smooth, secure collaboration with external entities by managing all integrations through proxies and orchestration layers.

• API Versioning: Structured change management ensured stability and minimized disruptions during API updates.

Comprehensive API Monitoring

• Real-Time Performance Monitoring: Continuously monitored API usage, detecting and alerting on anomalies for proactive issue resolution.

• Rate Limiting and Throttling: Controlled API request rates to prevent abuse and ensure system reliability under heavy load.

Transformative Impact

Seamless Interoperability

Enabled real-time, consistent data flow across systems, improving coordination and decision-making.

Enhanced Security and Compliance

Safeguarded sensitive health data with advanced encryption and access control, ensuring adherence to HIPAA and other regulations.

Faster Service Delivery

Simplified external integrations allowed the provider to rapidly deploy new services, enhancing patient care.

Operational Efficiency

Centralized API management eliminated redundancies, optimized workflows, and simplified the maintenance of integrations.

Conclusion

digiRunner transformed the healthcare provider’s fragmented systems into a secure, unified data-sharing platform. With a robust API management framework featuring advanced security, orchestration, and monitoring capabilities, digiRunner empowered the organization to deliver fast, efficient, and secure healthcare services.

Mission Goals: Transforming Legacy Insurance Systems into Agile Ecosystems with a Small Kernel and Microservices

The insurance industry is undergoing a significant transformation, with many organizations striving to replace rigid legacy systems with modern, microservices-driven architectures. The “small kernel with innovative microservices around” strategy is at the heart of this transformation, combining a stable, centralized core system (the kernel) with agile microservices to enhance scalability, responsiveness, and customer-centric innovation. digiRunner API Management serves as a pivotal business middle platform, enabling insurers to overcome legacy infrastructure challenges and seamlessly adopt this modern architecture.

Challenges in Transitioning from Legacy Systems to Microservices

Legacy System Limitations

• Inflexibility of Monolithic Systems: Legacy mainframe systems are often tightly coupled and difficult to modify, making integration with modern microservices architectures both complex and costly.

• Technical Debt: The effort required to overhaul entrenched legacy infrastructures often creates significant technical and operational challenges.

• Risk of Downtime: Migrating from monolithic systems to microservices can risk disruptions in critical operations such as claims processing and policy management.

Data Synchronization and Real-Time Processing

• Disconnected Systems: Legacy environments frequently lack real-time capabilities, leading to inconsistent data updates and delays in customer service.

• Siloed Processes: Data silos impede seamless communication between departments, slowing decision-making and service delivery.

Security and Regulatory Compliance

• Increased Vulnerabilities: A distributed system introduces new security risks, especially when transitioning from centralized legacy systems.

• Regulatory Hurdles: Compliance with stringent insurance industry regulations requires advanced monitoring, governance, and audit capabilities.

digiRunner API Management: Bridging Legacy Systems and Microservices

digiRunner acts as the essential business middle platform, addressing the complexities of integrating legacy systems with a modern microservices architecture. By serving as a bridge, digiRunner enables insurers to modernize incrementally, reducing risks while maximizing operational efficiency and innovation.

Empowering the Small Kernel Core

• API Gateway: Serves as a central hub for managing communication between legacy kernels and new microservices. It ensures secure, reliable routing, load balancing, and data exchange.

• Role-Based Access: Implements robust, token-based authentication to secure sensitive core operations such as underwriting and claims processing.

• Operational Resilience: digiRunner’s middleware stabilizes legacy systems, enabling insurers to build flexible, scalable microservices around a reliable core.

Incremental Microservices Integration

• Dynamic API Registration: Simplifies the onboarding process for new microservices with batch imports and OpenAPI standards, reducing time-to-market.

• Decoupled Migration: digiRunner facilitates gradual migration by allowing insurers to build, scale, and test microservices independently without disrupting the legacy core.

• Smart API Caching: Enhances performance by reducing redundant calls to the legacy core, improving overall system efficiency.

Enabling Real-Time Data Flow and Communication

• Real-Time Monitoring: Ensures synchronization between legacy systems and microservices, reducing data inconsistencies.

• Traffic Management: Dynamically distributes requests across microservices to balance workloads and avoid bottlenecks.

• Mock API Testing: Provides a safe environment for pre-deployment testing, ensuring seamless operation post-integration.

Advanced Security and Governance

• Unified Authentication Protocols: Ensures consistent security across both legacy systems and microservices with OAuth 2.0 and token-based frameworks.

• Regulatory Compliance Tools: Provides real-time analytics, automated audits, and compliance dashboards to meet insurance industry standards.

• Policy-Based Management: Groups APIs into logical clusters to simplify governance, enforce security measures, and align with organizational policies.

Transformative Impacts of digiRunner

Accelerated Agility

By enabling microservices integration, digiRunner empowers insurers to develop and deploy new products quickly, adapting to market demands and gaining a competitive edge.

Improved Operational Efficiency

The harmonization of legacy systems and microservices minimizes redundancies, ensures data consistency, and optimizes resource allocation, resulting in significant cost savings.

Enhanced Customer Experience

The agility of microservices enables real-time, personalized interactions, fostering greater customer satisfaction and loyalty. Customers enjoy seamless digital interfaces and responsive, data-driven services.

Scalable Growth

digiRunner’s architecture supports the evolving needs of insurers, from handling increased transaction volumes to launching innovative services, ensuring readiness for future growth.

Strengthened Security and Compliance

With advanced governance and secure communication protocols, digiRunner protects sensitive customer data while ensuring adherence to evolving regulatory requirements.

Conclusion

digiRunner API Management transforms the migration from legacy systems to a microservices architecture into an achievable reality for insurers. By facilitating seamless integration, operational stability, robust security, and dynamic scalability, digiRunner bridges the gap between traditional and modern systems. This transformative approach enables insurers to achieve agility, efficiency, and customer-centric innovation, ensuring long-term success in an increasingly competitive market.

Objectives: Achieving Open Government with Secure and Convenient Citizen Services

Modern public sector organizations face increasing pressure to deliver efficient, transparent, and citizen-focused services. However, the lack of solid and consistent API control, manual processes, and fragmented API governance create barriers to achieving these goals. By leveraging the digiRunner API management platform, governments can overcome these challenges, enabling secure, streamlined, and scalable digital ecosystems that align with open government principles.

Challenges in Achieving Open Government Goals

Inconsistent API Control

• Disparate APIs Across Departments: Siloed systems complicate integration, hindering seamless service delivery.

• Inconsistent Data Standards: Varied data formats and outdated technologies hinder interoperability and collaboration.

Weak API Governance

• Security Risks: Rapid API growth without centralized oversight increases vulnerabilities.

• Inefficiencies: Lack of unified policies and management results in redundant efforts and slower service deployment.

Balancing Transparency and Data Security

• Open Data Dilemmas: Publishing open data must balance accessibility with stringent security to protect sensitive information.

• Regulatory Compliance: Ensuring data governance aligns with privacy laws and standards demands advanced monitoring.

digiRunner’s Transformative Solutions

digiRunner’s robust API management capabilities address these challenges by providing secure, efficient, and citizen-centric solutions:

Hierarchical Access Control and API Grouping for Security and Transparency

• Permissions Framework: Allows for structured access control across departments, ensuring clear boundaries and responsibilities.

• Lifecycle Management: Streamlines API deployment, updates, and deprecation for optimized operations.

Flexible API Orchestration for Legacy Modernization

• Integration Workflows: Facilitates legacy system integration with modern APIs through orchestration features, minimizing manual coding.

• Automated Data Mapping: Ensures smooth transformation of legacy data formats into standardized APIs (e.g., JSON), accelerating digital transformation.

Secure and Scalable Infrastructure

• Advanced Authentication: Implements OAuth 2.0, OpenID Connect, and token-based access control to safeguard sensitive citizen data.

• Scalability: Supports increasing traffic and high-demand periods, ensuring uninterrupted service delivery.

Standardized Interoperability and Open Data Policies

• Data Conversion and Encoding: Facilitates integration of diverse systems, ensuring data consistency across agencies.

• Open Data APIs: Provides secure public APIs, driving innovation while ensuring strict access control.

Citizen-Centric Service Innovation

• Unified Digital Services: Provides citizens with intuitive, branded portals for streamlined access to services such as healthcare, taxation, and social benefits.

• Developer Ecosystem: Supports third-party developers in enhancing public services, fostering ecosystem innovation.

Transformative Impact

Enhanced Citizen Experience

• Streamlined Access: Standardized APIs ensure seamless and convenient citizen services.

• Real-Time Updates: Delivers timely, accurate information across services, enhancing user satisfaction.

Optimized Government Operations

• Efficiency Gains: Centralized API management reduces redundancies and accelerates service rollouts.

• Data-Driven Decision-Making: Enables actionable insights through integrated, real-time data analytics.

Balanced Security and Transparency

• Comprehensive API Security Policies: Protect sensitive data while supporting open data initiatives.

• Regulatory Compliance: Real-time monitoring and automated audits ensure adherence to privacy and security standards.

Promoted Public-Private Innovation

• Open Data Ecosystem: Engages developers and private organizations to create value-added solutions, fostering innovation and public engagement.

Conclusion

digiRunner empowers public sector organizations to achieve the goals of open government by providing a robust, secure API management platform. By balancing data transparency with strong security measures, digiRunner enables seamless integration, operational efficiency, and citizen-centric service delivery. Governments can confidently transition to a digital-first model, setting a benchmark for innovation, trust, and sustainable growth.

Context and Objectives

Governments worldwide are striving to modernize operations to meet citizen demands for faster, seamless, and transparent services. One government client sought to overcome critical inefficiencies and achieve the following objectives:

1. Integrate Disparate Systems: Facilitate seamless data integration across platforms to streamline workflows and improve inter-agency cooperation.

2. Automate Manual Processes: Minimize human error and expedite operations by digitizing repetitive administrative tasks.

3. Enable Open Government: Establish secure, scalable systems for data transparency and citizen access, fostering trust and civic engagement.

4. Enhance API Security: Protect sensitive government and citizen data while ensuring compliance with stringent security regulations.

5. Ensure Scalability for Future Demands: Build a flexible infrastructure capable of handling evolving digital demands and higher transaction volumes.

Challenges

Siloed Platforms

The lack of integration between departmental systems hindered efficient workflows and delayed service delivery.

Manual Data Handling

Processes like data entry and document verification were prone to errors, reducing productivity and complicating resource allocation.

Limited API Security

Without robust security measures, APIs were vulnerable to unauthorized access, exposing sensitive data to potential breaches.

Fragmented Data Sharing

Inter-agency collaboration was inefficient due to inconsistent standards and a lack of secure communication protocols.

digiRunner’s Solutions

Advanced API Security

• End-to-End Encryption: Protects sensitive government and citizen data in transit and at rest using advanced encryption protocols.

• Multi-Layered Authentication: Implements OAuth 2.0 and OpenID Connect to authenticate users and secure access to government APIs.

• Role-Based Access Control (RBAC): Restricts API usage to authorized personnel or systems, ensuring granular control over sensitive data.

• Real-Time Security Monitoring: digiRunner continuously monitors API interactions to detect anomalies, unusual access patterns, or unauthorized activities.

• Certificate-Based Authentication: Uses TLS and JWT certificates to establish secure connections and enhance trust during data exchanges.

Centralized API Management

digiRunner’s API Gateway consolidated fragmented systems, ensuring smooth data exchange while optimizing traffic routing, monitoring, and load balancing for scalability.

API Policy Management

• Rate Limiting and Quotas: Prevents API misuse by limiting the number of API calls per user or system, ensuring fair resource allocation and preventing overloads.

• API Proxy with Secure Exposures: Connects internal APIs to external agencies without compromising backend systems, allowing safe data sharing for inter-agency collaboration.

Seamless Inter-Agency Collaboration

• Flexible API Versioning: Ensures backward compatibility during updates, maintaining stable integrations across agencies.

• Audit Trails and Compliance Reports: Logs API interactions to track data usage, ensure transparency, and maintain regulatory compliance.

Scalable Deployment Framework

• Blue/Green Deployments: Supports zero-downtime updates by maintaining parallel production and testing environments.

• Dynamic Load Balancing: Distributes traffic intelligently to avoid bottlenecks and maintain performance during peak demands.

Transformative Impact

Unified Government Platforms

Consolidated systems eliminated redundancies, enabling cohesive workflows and faster decision-making across departments.

Stronger Security Posture

Advanced API security measures safeguarded sensitive data, reducing risks of breaches and ensuring compliance with data protection regulations.

Enhanced Citizen Trust

Open Government initiatives, supported by transparent and secure API frameworks, improved citizen access to services and boosted confidence in public systems.

Efficient Resource Allocation

Automation of manual processes reduced operational costs and allowed staff to focus on strategic initiatives.

Future-Ready Scalability

The scalable infrastructure ensured readiness for emerging technologies like IoT and AI, empowering the government to adapt to growing demands.

Conclusion

digiRunner has become a cornerstone for digital transformation in the public sector, offering secure, scalable, and efficient API solutions to achieve Open Government goals. By enabling transparent, citizen-centric services and enhancing inter-agency collaboration, digiRunner empowers governments to deliver better services while maintaining strict security standards.

Mission Goals: Enhancing Agility and Customer Responsiveness in Insurance

The insurance industry faces mounting pressure to modernize its technology landscape, ensuring agile operations, robust integration capabilities, and a superior customer experience. With legacy systems struggling to meet the dynamic demands of the market, the goal is clear: adopt transformative solutions to stay competitive.

Key Challenges in Insurance Services

Legacy System Limitations

• Monolithic architectures hinder scalability, making maintenance arduous and integration with external services complex.

• Performance bottlenecks restrict innovation and growth opportunities.

Delayed Time-to-Market

• Legacy development cycles are slow, delaying the launch of new products and services.

• Inflexible processes limit responsiveness to market changes.

Obsolete Technologies

• Outdated programming languages and mainframe systems exacerbate talent shortages and maintenance difficulties.

digiRunner API Management: Targeted Solutions

digiRunner addresses these challenges with a suite of API management tools designed to streamline operations, improve agility, and deliver exceptional performance.

Enhancing System Integration and Scalability

• API Gateway: Acts as a unified entry point for API requests, ensuring seamless routing, load balancing, and access control.

• Dynamic Traffic Management: Balances API traffic across multiple backend servers, optimizing system performance during peak loads.

• API Grouping and Permissions: Logical grouping of APIs simplifies access control and ensures secure, efficient communication between systems.

Accelerating Time-to-Market

• Rapid API Onboarding: Features like batch imports, OpenAPI integration, and configurable proxy paths speed up API deployment.

• Smart API Caching: Reduces response times by caching frequently requested data, enhancing service availability during high-demand periods.

• Mock API Testing: Allows developers to simulate API behavior independent of backend readiness, enabling parallel development and faster delivery.

Ensuring Security and Compliance

• Authentication Server: Implements secure protocols like OAuth 2.0 and OpenID Connect for robust authorization and data protection.

• Token Management: Ensures secure, role-based access through dynamic token settings and certificate-based encryption.

• Regulatory Alignment: Built-in monitoring and analytics provide visibility and ensure compliance with industry standards.

Improving Operational Performance

• API Lifecycle Management: Offers centralized tools for API registration, version control, and performance monitoring.

• Developer Portal: Simplifies API discovery and integration for external and internal teams, fostering collaboration and innovation.

• API Performance Analytics: Tracks usage patterns and system performance, identifying optimization opportunities for sustained efficiency.

Conclusion

digiRunner API Management is a game-changer for the insurance sector, transforming legacy limitations into opportunities for growth. By addressing integration, scalability, and security challenges, digiRunner empowers insurers to modernize their systems, reduce time-to-market, and enhance customer satisfaction. This strategic adoption of API management ensures that insurers not only meet but exceed the expectations of a rapidly evolving market.

3. Log in using the default credentials:

   • Username: manager

   • User password: manager123

1. Upon successful login, you will see the text digiRunner Express displayed in the upper left corner.

After installing digiRunner, configuring an SMTP server is essential to enable system-generated email notifications — such as account creation alerts, password reset messages, system warnings, API key application.

This section provides step-by-step instructions for setting up the SMTP mail sender within the digiRunner Admin Console.

Access System Settings

1. Log in to your digiRunner Admin Console.

2. Go to System Configs > Setting to access the configuration page.

Search for SMTP Settings

1. In the Setting page, enter keywords mail or smtp in the search bar.

2. Click the search icon to filter and display related configuration keys.

Configure SMTP Parameters

1. Update the following key parameters based on your mail server configuration:

2. Make sure both SERVICE_MAIL_ENABLE and SERVICE_MAIL_AUTH are set to true to enable proper email functionality.

1. By default, digiRunner uses Gmail’s SMTP, smtp.gmail.com, and port 587 for TLS-encrypted delivery.

Validate Your Configuration

Trigger Email-sending Events

1. To ensure that your SMTP configuration works properly, create a new user, reset a password, or trigger a system alert to trigger an email-sending event.

2. Go to System Information > Mail Log to check the result:

   • If Result = success, the email was sent correctly.

   • • Example error: A message displaying Username and Password not accepted indicates your SMTP credentials are incorrect.

Resend Failed Emails

1. Go to System Information > Scheduled Tasks to proceed.

2. Find the task, e.g., SEND_MAIL.

NOTE:

• Always enable TLS to ensure secure transmission.

• Double-check SMTP credentials, hostnames, and port settings.

• Ensure your firewall allows outbound connections to the SMTP server (typically on port 25, 465, or 587).

• For Gmail users:

  • Enable App Passwords or Allow less secure apps if required.

  • Avoid using personal accounts in production environments.

Global manufacturing involves complex operations that demand seamless integration and coordination. For one industry leader operating ten factory sites worldwide, the lack of a unified ERP system hindered productivity and scalability. With disparate supply chain management (SCM) and customer relationship management (CRM) systems across sites, inefficiencies, high costs, and inconsistent processes posed significant challenges. This scenario details how digiRunner, a next-generation API management platform, helped streamline operations, optimize costs, and ensure centralized control.

Objectives: Unifying Processes and Reducing Costs

The manufacturer aimed to achieve the following objectives:

1. Streamlined Global Operations: Establish unified workflows across factories for efficient production planning and cross-site collaboration.

2. Cost Optimization: Reduce ERP licensing and integration expenses by consolidating and simplifying system architecture.

3. Enhanced Customer Order Management: Enable real-time visibility into order processes for operational and sales teams.

4. Global Data Security: Strengthen protection against API vulnerabilities by implementing advanced security protocols and ensuring API performance for real-time operations.

Challenges in Decentralized Operations

Diverse Factory Processes

Each site relied on distinct ERP workflows tailored to local operations, impeding cross-site integration.

Inconsistent Operations

Lack of standardized ERP processes limited centralized data analysis and strategic decision-making.

High Licensing Costs

Independent SCM and CRM integrations resulted in excessive licensing expenses across factory sites.

API Security Threats

Inadequate API security exposed sensitive business data to vulnerabilities and breaches.

API Performance Bottlenecks

Inefficient data exchanges delayed critical business decisions and disrupted operations.

Solutions Powered by digiRunner

digiRunner leveraged its robust API management capabilities to address these challenges while achieving the objectives. Through its advanced features, the platform improved security, streamlined operations, and enhanced performance.

Advanced API Security

• Implemented OAuth 2.0, OpenID Connect (OIDC), and Single Sign-On (SSO) for enhanced authentication and access control.

• Applied granular access controls and role-based permissions to limit exposure and unauthorized access.

• Deployed real-time monitoring and anomaly detection tools to proactively identify and mitigate security threats.

API Performance Optimization

• Enabled efficient load balancing to prevent system slowdowns and ensure timely response rates across multiple factory locations.

• Integrated intelligent caching mechanisms to accelerate response times for frequent data requests.

• Improved system throughput by dynamically routing API requests across available pathways to prevent bottlenecks.

Centralized API Management

• Created a unified gateway to optimize data exchange, eliminating redundancies and accelerating system interactions.

• Cross-system integration brought together ERP, workforce management, and supply chain processes into a single cohesive structure.

Business Middleware

• Served as a secure communication bridge between disparate systems, ensuring smooth and secure backend operations.

• Managed data routing and secured interconnections between ERP workflows and operational processes.

Governance and Monitoring

• Provided a centralized admin console for real-time API monitoring, lifecycle management, and compliance enforcement.

• Offered built-in firewall and security compliance tools to ensure sensitive business data remained protected.

Transformative Impact

The implementation of digiRunner delivered significant results:

• Efficiency Gains: Optimized ERP function calls, reducing system response times and enhancing development efficiency.

• Enhanced Production Control: Standardized workflows streamlined production schedules, resulting in notable improvements in planning cycles and resource utilization across sites.

• Cost Savings: Centralized architecture led to reduced licensing and administrative expenses.

• Operational Synergy: Integrated processes supported dynamic production planning and improved real-time order management, boosting customer satisfaction.

• Improved Security and Performance: Enhanced API security reduced breach risks, while performance optimizations ensured timely data processing.

• Sustainability: digiRunner’s scalable model reduced paper dependency and provided flexibility for future site integrations.

Conclusion

By leveraging digiRunner, the global manufacturer streamlined operations, strengthened security, and optimized performance across its decentralized sites. digiRunner’s advanced API management platform transformed ERP processes, enabling operational agility, strategic decision-making, and long-term scalability. Focusing on security, performance, and integration, digiRunner proved essential for navigating the complexities of modern global manufacturing.

Rate limiting in digiRunner controls the number of API requests allowed within a specific time frame, ensuring system stability and preventing abuse. The rate limiting configuration can be applied to individual clients or groups based on their API access levels.

In digiRunner, rate limiting is implemented through adjustments to the API Quota and TPS/Node settings.

Configuring Rate Limiting

Access API Client Management

Go to Client Management > API Client to manage clients subject to rate limits. You can either create a new client or update an existing one.

Create Client

Click Create to access the client creation page.

Update Client

Set Limits

When creating or updating an API client, configure the API Quota and TPS/Node (Transactions per second) settings.

• API Quota: Specifies the total number of API calls the client can make without restriction. If the same API was pressed repeatedly 10 times, it also counts as 10 times.

• TPS/Node (Default 10): Specifies the number of times this client can call the API per second. The default for this field is 10, meaning that the API will be called 10 times per second. For example, if both the TPS/Node and API Quota are set to 10, the user can make 10 API calls per second. However, once the user reaches a total of 10 calls for the day, further API access will be denied.

Testing Rate Limiting

Create an API Group and Add Clients

1. Go to Client Management > API Group.

2. Create a new group for clients to which you want to apply rate limiting.

3. Add the desired API to this group, which will apply the rate limiting rules.

4. Assign the clients to the group so that they inherit the rate limiting settings for this API.

Run API Test

1. Go to API Management > API Test to test the API with the rate-limited group.

2. Send requests to the API via the API Test feature to verify that rate limiting is enforced.

Monitor Responses

Observe API responses; if the rate limit is exceeded, the server will return an HTTP 429 (Too Many Requests) error.

VIP Gateway Priority Settings in digiRunner allow users to prioritize API requests from VIP clients (high-value users) over regular clients. This ensures that during periods of high traffic or system stress, VIP clients access services faster and more reliably, enhancing their user experience and maintaining critical operations.

Configuring VIP Gateway Priority

Access API Client Management

Go to API Client Management in the digiRunner Admin Console.

Update API Client Priority

1. Locate the Priority option, and adjust the priority level to ensure the client receives higher priority in the gateway compared to regular clients.

• Priority: The level determining the order in which this user can access the gateway during periods of network congestion.

Proxy caching in digiRunner enhances performance by storing frequently accessed API responses and static web resources, reducing backend load and speeding up response times for end users.

Configuring Proxy Caching

Select API for Caching

1. Go to API Management > API List, and search for the API you want to enable proxy caching for.

Enable API Cache

In the API settings, locate the API Cache field and select from the following options:

• None: Disables caching.

• Adaptive: Adjusts caching dynamically based on API usage patterns.

• Fixed: Caches responses for a set duration.

Set Cache Parameters

1. Set the cache duration in the Fixed Cache Time (Minute)* field, which is only available if API Cache is set to Fixed.

1. Click Update to save and exit.

Testing Proxy Caching

Run API Test

1. Go to API Management > API Test.

2. Select the API or static resource that you have set up for caching.

3. Send requests to the API via the API Test feature to verify that proxy caching is enforced.

Observe Initial Response

Record the response time for the first request. Since this is the first access, the proxy fetches the content from the backend and stores it in the cache.

Send Repeated Requests

1. Use the API Test feature to send the same request multiple times.

2. For subsequent requests, the response should be served from the cache, resulting in noticeably faster response times.

Load balancing distributes incoming traffic across multiple servers to prevent any single server from becoming overwhelmed, improving fault tolerance, availability, and performance for APIs and backend services.

Configuring Load Balancing

Select API for Load Balancing

1. Go to API Management > API List, and search for the API you want to enable load balancing for.

Add Multiple Target URLs and Set Traffic Distribution

In the API settings, you can add multiple Target URLs for backend services.

1. Locate the Target URLs field to configure the backend service URLs.

1. For each backend server or service that will receive traffic, specify its corresponding Target URL.

2. Assign a percentage of incoming traffic to each target URL. This is how load balancing is achieved. For example, you can distribute traffic as:

   • Target URL 1: 50%

   • Target URL 2: 30%

   • Target URL 3: 20%

3. Click Update to save and exit.

Testing Load Balancing

Run API Test

1. Go to API Management > API Test.

2. Select the API that you have configured for load balancing and send multiple test requests.

Monitor Traffic Distribution

Observe the responses via the API Test feature. Check if the requests are routed according to the distribution percentages set in the load balancing configuration.

You should see requests distributed across the different backend servers or services.

Check Response Data

Review the responses from each backend (target URL) to confirm that requests are handled by different servers.

Sandbox testing in digiRunner enables developers to simulate API operations safely, ensuring functionality and service quality without impacting live services. It supports parallel development for frontend and backend teams using mock data, reducing delays and improving efficiency.

Configuring Sandbox Testing

Access API Management

Specify Mock Test Values

In the mock configuration section, fill in Mock Status Code, Mock Headers Key, Mock Headers Value, and Mock Body to simulate the API response during testing.

• Mock Status Code: Specify the HTTP status code the API should return during the mock test, such as 200 for success, 404 for not found, 500 for server error.

• Mock Headers Key: Specify the custom header keys to include in the mock response. These headers provide additional information, such as content type, authorization, or caching policies.

• Mock Headers Value: Specify the corresponding values for the custom headers defined in the Mock Headers Key field. For example, for a Content-Type header, you could assign the value application/json.

• Mock Body: Specify the simulated response body in JSON format. For example:

  Copy

  {
      "name": "john",
      "salary": 150000
  }

Run Mock Test

1. Go to API Test.

2. Use the Mock Test feature to send a request to the API and verify that the system returns the mock data configured previously.

Calling Mock Data with External Tool

Follow the steps below to call mock data set in digiRunner using an external tool like Postman.

Set Request Type and URL

1. Select the appropriate HTTP method (e.g., GET, POST) based on the API you are testing.

2. Fill in the URL of the API endpoint for testing.

Add Headers for Mock Testing

1. Launch Postman, and go to the Headers tab (as shown in the image).

2. Add a new header with the key dgr_mock_test, and set its value to true (refer to steps 2 and 3 in the image). This informs digiRunner that you want to use mock data for the request.

3. Add any additional required headers, such as Content-Type or Authorization, according to the API specifications.

Send the Request

1. Once the mock headers are set up, send the request.

2. The response should include the mock data you configured in digiRunner, including the mock status code, headers, and body.

Disclaimer

Thank you for using digiRunner! digiRunner has undergone an initial vulnerability scan and open-source license compliance check, with no known issues identified. However, this project is provided under the Apache 2.0 License on an "as-is" basis and does not guarantee its suitability or security. Users must independently verify whether the project meets their specific needs and environments.

• You may copy, share, modify, and distribute this work.

• You must retain the following notices, accreditation, and disclaimers: “This product includes software developed by the digiRunner project under the Apache License, Version 2.0.”

Disclaimer: Under the terms of the License, this project is provided on an "as-is" basis. While the License allows free usage, this project does not offer any proprietary, explicit, or implied warranties. You should conduct a thorough analysis to ensure safety and applicability.

For detailed information about the license, please refer to the digiRunner GitHub repository.

The imported file must be a JSON file exported from digiRunner. This feature simplifies the process of handling multiple APIs with the same settings. If set to No Auth, it simplifies the authentication process, allowing for quick verification of API call success.

Importing APIs to digiRunner

Application scenarios include the operation of launching APIs from the test environment to the official environment, the launching of multi-center APIM, or API migration.

1. Go to API Management > API List, and click Import API.

1. Click on the File icon, select the file, and then click Upload. A successful upload prompt will pop up, and the API information will be displayed in the table below.

1. Check the list to select all APIs, and then click the Import button to import the APIs successfully. The import result will be updated to success.

Enabling APIs in Batches

1. Go to API Management > API Modify Batch to enter the page. The default statuses of the newly imported APIs will be displayed with a red icon, indicating that the API is not yet enabled.

1. Check the box in the header cell to select all the APIs, and click Enable. A confirmation message will appear, click Confirm to save and exit.

1. A successful update prompt will pop up, and the status light will turn green, indicating that the API has been successfully enabled.

Enabling No Auth for APIs in Batches

1. The default status of No Auth for newly imported APIs is disabled, and the field is empty.

1. Check the box in the header cell to select all the APIs, and click Active No Auth. A confirmation message will appear, click Confirm to save and exit.

1. A successful update prompt will pop up, and the No Auth field will display a check symbol, indicating that No Auth has been enabled.

JWE (JSON Web Encryption) is a standard for securely transmitting encrypted data between two parties. In digiRunner, JWE safeguards API communications by protecting sensitive data from unauthorized access. The encryption ensures both the confidentiality and integrity of the transmitted data.

• JWE encryption flowchart

Configuring JWE Signature Verification for API Requests and Responses

1. In the JWT Settings field, toggle the switch to enable the JWT function.

2. Select JWE from the Request drop-down menu.

3. Select JWE from the Response drop-down menu.

1. Click Update to complete the encryption.

Managing JWE Certificates

View JWE Certificate List

1. Go to Certificate Management > JWE Cert. List.

2. Set Date Range, and click Search.

3. View JWE encrypted certificates associated with specific API clients, including their status and expiration dates.

Upload JWE Certificates

1. Go to Certificate Management > JWE Cert. Management.

2. Enter the keyword in the Search Client field to search for the client, and click Search.

1. Select the required JWE certificate file, and click Open to upload it. The uploaded certificate will now be available for use with the associated API client.

Delete JWE Certificates

IP Binding in digiRunner serves as an IP whitelisting mechanism, enabling administrators to restrict API access to trusted IP addresses. Implementing IP binding helps enhance security by ensuring that only authorized clients can interact with your APIs. By configuring IP whitelisting through IP binding, you can control and limit API access to specific, pre-approved IP addresses, reducing the risk of unauthorized access.

Prerequisites

Before configuring IP binding, ensure the following:

• You have administrative access to the digiRunner Admin Console.

• You have identified the trusted client IP addresses.

Configuring IP Binding

To configure IP binding for a client in digiRunner, follow the instructions below.

Access Client Management

1. Log in to your digiRunner Admin Console.

2. Go to Client Management > API Client to proceed.

Create or Update a Client

1. To create a new client, click Create.

Configure IP Binding

1. Locate the IP Binding field within the client configuration form.

2. Fill in the authorized client’s hostname or IP address. Only requests from these specified IP addresses or hostnames will be allowed to access the APIs associated with this client.

Define Activation and Expiry Period

1. Specify the Start date to activate the client's access.

2. Set an Expiry Date to automatically revoke the client's access after a defined period. To allow indefinite access, leave this field blank.

Save Your Configuration

Click Create for new clients, or Update for existing clients, to save your changes and activate IP binding.

Best Practices for IP Whitelisting in digiRunner

• Regular Review: Regularly audit IP binding configurations to reflect changes in authorized IP addresses.

• Accuracy: Ensure IP addresses are correctly entered to prevent unintended access disruption.

• Multi-layered Security: Combine IP binding with other security measures, such as API Keys and OAuth tokens, for robust protection.

Implementing IP binding within digiRunner significantly strengthens API security, ensuring that only verified and trusted IP addresses can access your API resources.

When internal/external personnel need to use APIs, a set of account and password needs to be acquired first, then pass client management authorization before they can be used. Users can also add and edit the API groups they need to use in groups, and when users and groups have matching security levels, clients can call the APIs in the group.

Group - A list of all APIs that control authorization; APIs authorized to be called successfully through Auth are defined by groups.

Client - To perform account and password verification for Auth authorization through the client, permission to call group APIs need to be obtained from the action of authorization groups.

Creating API Groups

The scope of authorization can refer to the establishment operation of group maintenance.

1. Go to Client Management > API Group, and click Create Group.

1. Fill in the required fields.

1. If there are APIs that require authorization, you need to go to the Module list field and click Select.

2. Go to the Module list and select the Module to authorize, and click Select.

3. It will move to the list of selected Modules, then click Apply.

1. Next, click Select API for that Module, and go to the list to select the API to authorize, then click Select.

2. It will move to the list of selected Modules, then click Apply. Return to the New page and click Create.

1. Creation of the group is completed, go to the API Group page and the data entry can be queried.

If you need more help when creating a API Group, please refer to the following link for more information.

Creating Client Accounts and Authorizing Groups

Creating Client Accounts

1. Go to Client Management > API Client, and click Create.

1. Fill in the required fields.

2. Click Active for the Status field, and select Internally for the API Audience field.

3. Although the E-mails field is not required, but it is still recommended to fill it in since there is the E-mail verification function.

4. Click Create to complete the creation.

1. Go to the API Client page to verify if the entry has been successfully created.

If you need more help when creating a API Client, please refer to the following link for more information.

Authorizing API Groups for Client Use

1. Click the API Group tab to enter the authorization setting page, then click Add.

1. Search for the created group, then click Update after selecting the group.

1. Confirm that the authorization setting page has data of connected groups displayed on the list to finish connection.

Verifying Registered APIs with Client Credentials

APIs registered in the system can use different OAuth Grant Type for verification.

Note: For other authorization methods such as Password and Basic Auth, etc., please refer to their corresponding processes.

1. Go to API Management > API Test, and the digiRunner URL field will automatically populate with the API URL registered in digiRunner.

2. In the Authorization field, select Client Credentials.

3. In the Client ID and Client password fields, fill in the client account and password that are registered and authorized for the API.

4. Click Test to view the response. In this example, the status code is 200, indicating the body contains the data defined by the API.

APIs registered in the system can be configured to allocate IP traffic and restrict access.

This application is similar to the concept of double centers. Using the concept of branch company for explanation, Taipei IPs need to use Taipei APIs, and Kaohsiung IPs need to use Kaohsiung APIs; setting it properly will make them easier to manage and prevent errors from being accidentally triggered.

Registering APIs

1. Go to API Management > API Registry, and click CUSTOMIZE to enter the registration page.

2. Fill in the required fields: API Name, digiRunner Proxy Path and Http Methods.

3. Since authentication is not required for now, select No Auth.

1. After selecting Source IP diversion for the Target URL field, click on the + icon to get two Source IP input boxes.

• Fill in the local IP for the first Source IP, and fill in the API address to call for the target URL.

• Fill in the Custom IP for the first Source IP, and fill in the API address to call for the target URL.

1. Click Register to complete the API registration.

Calling API Verification Dispatch Function

2. Select No Auth for Authorization.

3. Click Test to view the response. Since the local IP is defined in the Source IP, it is expected that the return code will be received successfully and be 200, and the Body contains the data defined by the API.

1. In the Key field of the Request Header, fill in X-Forwarded-For, and in the Value field, fill in the custom IP that matches the Source IP.

2. Click Test to view the response. Since the custom IP is defined in the Source IP, it is expected that the return code will be received successfully and be 200, and the Body contains the data defined by the API.

1. In the Key field of the Request Header, fill in X-Forwarded-For, and in the Value field, fill in a random custom IP.

2. Click Test to view the response. Since the IP is not defined in the Source IP, it is expected that the call will fail, the return code received will be 401, and the Body will respond "Missing srcUrl information".

Path: AC User Management > User

In this section, you can find instructions on how to manage the users of the system, including creating, updating, deleting, and searching the users.

Create Users

1. Click Create to access the user creation page.

1. Fill in the data or make selections as instructed below. The fields marked with “*” are required.

• Username*: The account the user uses to log in to the system.

• Display name*: The name of the user using the system.

• Password* / Confirm password*: The password the user uses to log in to the system.

• email*: After the user is created, related information will be sent to the E-mail the user registered.

• Organization: Organization that the user belongs to.

• Status*: Determines whether the user can log in to the system.

• Role*: Roles selected; it represents the system permissions that this account has access to.

2. Change the status to Active.

1. After creating the user, the system will send a “user account created” email.

Search Users

Update Users

1. If Reset password is selected, the system will send a change password email to the user; the user can log in to the system using the password included in the email and go to My Profile to change the password.

1. If the user has Failed login attempts, Reset password attempts can be selected, and the system will reset the failed login attempts of the user.

2. Modify the desired fields, and click Update to save and exit.

Delete Users

If this user account is no longer used, it can be deleted from this page.

1. Click Delete to delete the user and exit.

View Users

If there is the need to confirm all data transferred during the calling of APIs, they can be viewed via the online console to make it easier for developers to debug, and to provide detailed information for developers to perform analysis. Users can view all data transmitted during API calls in the Online Console. This feature is useful for developers for debugging and data analysis.

Enabling Setting File for Tracking Logs

1. Go to System Configs > Setting to view the list of all configurations.

1. Update the value to true, and click Update to apply the changes and enable tracing.

Calling APIs

A new tab with the online console page opened needs to be prepared in advance before calling; you can go to 10.3 first to refer to the steps.

1. In the Authorization field, select No Auth, then click Test.

2. Review the response. A status code of 200 indicates a successful API call.

Tracking Logs through Admin Console

1. Go to System Configs > Online Console to enter the page.

2. Verify that the state field is set to OPEN to view the API logs. The example is shown below.

Organization and role must be created first in order to perform the related permission management for the user.

• Organization - Uses tree structure to realize permission control and group management for high-levels to restrict low-levels.

• Role - This is the item list displayed on the left side of the management interface, used to achieve the expectation of controlling the functions used.

Creating Organizations

1. Log in, and go to AC User Management > Organization to view the organizational tree diagram.

2. Click Create to access the creation page.

1. Fill in the required fields: Dept. name, Contacts name, Contacts telephone and Contacts email.

2. Click the button to the right of Belonged dept., select the organization belonged to from the tree diagram that popped up, and click Add to complete adding organization.

1. To confirm whether the organization was added successfully, you can view the tree diagram. If the organization was added successfully, you can see the name of the organization added to the right of Belonged dept. on the organizational tree diagram.

Creating Roles

1. Go to AC User Management > Roles to view the current list of roles.

2. Click Create in the upper right corner to access the role creation page.