I am working with WSO2 and my task is to create a REST API which will take data from a database and provide it to users.
I did this using Integration Studio.
But how can I secure my API using OAuth2?
Is there any way I can see my API in WSO2 API Manager?
Thank you for your answers.
You can publish your service to API Manager and convert the service to a managed API from the API publisher. Please check - https://apim.docs.wso2.com/en/latest/integrate/develop/working-with-service-catalog/
Once you create an API in API Manager you can have OAuth2 for the REST API.
For the complete tutorial please check - https://apim.docs.wso2.com/en/latest/tutorials/integration-tutorials/service-catalog-tutorial/
Update: Alternative method of using WSO2 MI and WSO2 API Manager
Extract the car file using the steps in [1].
Download the MI runtime from [2].
Extract the MI zip and place the car file in MI_HOME/repository/deployment/server/carbonapps location.
Start the MI server.
Download the API Manager from [3] and start it.
Create an API in the API Manager. While creating the API, you can provide the MI endpoint as the endpoint of the API in the API Manager.
You can deploy and publish the API to start consuming the API.
[1] - https://apim.docs.wso2.com/en/latest/integrate/develop/integration-development-kickstart/#step-3-build-and-run-the-artifacts
[2] - https://wso2.com/integration/micro-integrator/
[3] - https://wso2.com/api-manager/
Related
I am very new to WSO2 API Manager and am trying out my very first simple RESTful API, which returns a JSON response and has no security since it is an internal API.
I installed WSO2 API Manager locally and am trying to call the REST API on my dev server, which uses HTTP and no security, as I mentioned earlier.
Here is what my GET URL looks like:
and here is what my URL looks like for the production and sandbox environments:
I don't have any message mediation enabled.
I went to the API store and created a trial application (so that I can get the access token. Even though my dev environment API has no security, I was reading that for throttling and other purposes, I need to pass a bearer token to the WSO2 API or it will reject the request).
When I am trying to consume the api, I get the following binary message.
Is there any way I can see the proxy log on WSO2 server so that I can see the request and its header sent to my dev server?
How can I fix this binary response to get the proper JSON response?
I searched all over and can't find a solution to it.
You can use the steps below on WSO2 ESB or APIM to enable wire logs.
Uncomment the line below in /repository/conf/log4j.properties
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
Restart the server.
Source - http://lakshanigamage.blogspot.com/2015/03/how-to-enable-wire-logs-in-wso2-esbapim.html
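Wire logs record every header byte for byte, including the `Authorization: Bearer` token sent to the gateway. The following is an added example, not part of the original answer, that splits a wire log into its HTTP messages and masks credential headers before the log is shared. The sample lines are constructed, the line layout (`>>` read from the wire, `<<` written to the wire) is assumed from typical WSO2 output, and one request at a time is assumed.

```python
import re

WIRE = re.compile(r'(>>|<<) "(.*)"\s*$')
START = re.compile(r'^(?:[A-Z]+ \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3}.*)$')
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

def parse_wire_log(lines):
    """Group wire-log lines into HTTP messages and mask credential headers."""
    messages, in_headers = [], False
    for line in lines:
        m = WIRE.search(line)
        if not m:
            continue
        direction = "inbound" if m.group(1) == ">>" else "outbound"
        text = m.group(2).replace("[\\r]", "").replace("[\\n]", "")
        if START.match(text):                  # request line or status line
            messages.append({"direction": direction, "start": text, "headers": {}})
            in_headers = True
        elif in_headers and text == "":        # blank line: the body follows
            in_headers = False
        elif in_headers and ":" in text:
            name, value = text.split(":", 1)
            value = value.strip()
            if name.lower() in SENSITIVE:
                parts = value.split(" ", 1)    # keep only the auth scheme word
                keep = len(parts) == 2 and "authorization" in name.lower()
                value = ((parts[0] if keep else "") + " <redacted>").strip()
            messages[-1]["headers"][name] = value
    return messages

# Constructed sample: client -> gateway -> backend -> gateway -> client.
SAMPLE = r'''
[2024-01-01 10:00:00,001] DEBUG - wire >> "GET /cars/1.0/list HTTP/1.1[\r][\n]"
[2024-01-01 10:00:00,001] DEBUG - wire >> "Authorization: Bearer 3f2a-constructed-token[\r][\n]"
[2024-01-01 10:00:00,002] DEBUG - wire >> "Host: localhost:8243[\r][\n]"
[2024-01-01 10:00:00,002] DEBUG - wire >> "[\r][\n]"
[2024-01-01 10:00:00,010] DEBUG - wire << "GET /list HTTP/1.1[\r][\n]"
[2024-01-01 10:00:00,010] DEBUG - wire << "Host: dev.example.internal:8080[\r][\n]"
[2024-01-01 10:00:00,010] DEBUG - wire << "[\r][\n]"
[2024-01-01 10:00:00,050] DEBUG - wire >> "HTTP/1.1 200 OK[\r][\n]"
[2024-01-01 10:00:00,050] DEBUG - wire >> "Content-Type: application/json[\r][\n]"
[2024-01-01 10:00:00,050] DEBUG - wire >> "[\r][\n]"
[2024-01-01 10:00:00,051] DEBUG - wire >> "{"cars": []}"
[2024-01-01 10:00:00,060] DEBUG - wire << "HTTP/1.1 200 OK[\r][\n]"
[2024-01-01 10:00:00,060] DEBUG - wire << "Content-Type: application/json[\r][\n]"
[2024-01-01 10:00:00,060] DEBUG - wire << "[\r][\n]"
'''.strip().splitlines()
```

The second message returned for `SAMPLE` is the request the gateway sent to the backend, which is the one the question asks to see.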
I am trying to use OAuth 2.0 to access Google APIs (Google Analytics API v4) in Apache NiFi.
I am using a service account, based on this document: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
There is one specific point when using OAuth 2.0 for a service account (Google API):
These service-account scenarios require creating and cryptographically signing JSON Web Tokens (JWTs).
The best example of OAuth access will be using NiFi + JWT:
1. Create a JWT
2. Request an access token from the Google OAuth 2.0 Authorization Server
3. Handle the JSON response from Authorization Server
Point 1 (about JWT) is most interesting.
Are there any examples of already implemented flows specifically for Google Analytics?
Thanks
I don't know of any specifically for Google Analytics, but there are plenty of examples of OAuth 1.0/2.0 access using Apache NiFi. In general, you will use the InvokeHTTP processor to perform GET/POST/etc. HTTP operations against the remote endpoint.
Without specifying an issue you are encountering, I would suggest you read these articles:
HCC: Using GetHTTP for Salesforce Integration with OAuth2.0 authentication parameter
OAuth 1.0A with Apache NiFi (Twitter API example)
How to set Twitter OAuth attributes to InvokeHttp processor for fetching twitter user profiles
NiFi OAuth 2.0 Template
Google Vision & Apache NiFi - Making Advanced Computer Vision Feasible
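The three steps listed in the question (create a JWT, request an access token, handle the JSON response), worked through as an added example that is not part of the original posts and is not NiFi code. Assumptions: the RSA key is a constructed throwaway built from two Mersenne primes so the block runs offline with only the standard library, whereas a real flow signs with the private key from the service account's key file using a vetted library; the function names are hypothetical.

```python
import base64, hashlib, json, time
from urllib.parse import urlencode

# Constructed throwaway RSA key (product of two Mersenne primes), demo only.
# A real flow signs with the private key from the service account's key file.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                      # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
TOKEN_URL = "https://oauth2.googleapis.com/token"  # also the JWT "aud" claim

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def pkcs1_v15_encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 padding of the SHA-256 digest (the RS256 scheme)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def rs256_sign(message: bytes) -> bytes:
    em = int.from_bytes(pkcs1_v15_encode(message), "big")
    return pow(em, D, N).to_bytes(K, "big")

def build_assertion(client_email, scope, now=None, lifetime=3600):
    """Step 1: the signed JWT. Google caps the lifetime at one hour."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": client_email, "scope": scope, "aud": TOKEN_URL,
              "iat": now, "exp": now + min(lifetime, 3600)}
    signing_input = ".".join(b64url(json.dumps(part).encode())
                             for part in (header, claims))
    return signing_input + "." + b64url(rs256_sign(signing_input.encode()))

def token_request_body(assertion: str) -> str:
    """Step 2: form-encoded POST body for TOKEN_URL."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion})

def parse_token_response(body: str):
    """Step 3: return (access_token, expires_in) or raise on an error reply."""
    data = json.loads(body)
    if "access_token" not in data:
        raise ValueError(data.get("error_description") or data.get("error"))
    return data["access_token"], int(data.get("expires_in", 0))
```

In a NiFi flow the string from `token_request_body` would be the POST body that InvokeHTTP sends to `TOKEN_URL` with `Content-Type: application/x-www-form-urlencoded`.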
I want to write a Java program running externally to Bluemix that interacts with the instance of the Bluemix Object Store I have provisioned.
The program will use the Swift REST APIs to interact with the service.
The documentation for how to use the REST API is mainly missing in the service documentation and the OpenStack documentation is not helpful with specifics on how to reach the Bluemix service.
Can someone tell me what headers to set and what URL to use to authenticate with the service, and then what headers to set and what URL to use to further interact with the service? Where do I find this information for my instance of the service? It doesn't seem to all be available in the service credentials that are displayed.
Also, do I need to do basic authentication every time a REST call is made, or is there a way to get a token? Where is that explained?
The Bluemix Object Storage uses the OpenStack Identity (Keystone) v3 API for authentication. For complete documentation on the REST API, see: http://developer.openstack.org/api-ref-identity-v3.html
Since your application will be developed in Java, I'd suggest you use the openstack4j SDK. For an example of using openstack4j with the Bluemix object storage service, see: https://developer.ibm.com/recipes/tutorials/connecting-to-ibm-object-storage-for-bluemix-with-java/
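The Keystone v3 exchange named in the answer, as an added example that is not part of the original posts: it builds the `POST /v3/auth/tokens` request, then reads the token from the `X-Subject-Token` response header and the Swift URL from the service catalog in the response body. The function names are hypothetical, the sample reply is constructed, and it is assumed that the service credentials supply the auth URL, user id, password, project id and region.

```python
import json

def auth_request(auth_url, user_id, password, project_id):
    """Keystone v3 password authentication, scoped to one project."""
    body = {"auth": {
        "identity": {"methods": ["password"],
                     "password": {"user": {"id": user_id, "password": password}}},
        "scope": {"project": {"id": project_id}}}}
    return (auth_url.rstrip("/") + "/v3/auth/tokens",
            {"Content-Type": "application/json"}, json.dumps(body))

def swift_session(resp_headers, resp_body, region):
    """Pull the token and the public Swift URL out of the Keystone reply."""
    headers = {k.lower(): v for k, v in resp_headers.items()}
    token = headers.get("x-subject-token")      # the token is a header, not JSON
    if not token:
        raise ValueError("no X-Subject-Token header: authentication failed")
    info = json.loads(resp_body)["token"]
    for service in info["catalog"]:
        if service["type"] != "object-store":
            continue
        for ep in service["endpoints"]:
            if ep["interface"] == "public" and ep["region"] == region:
                # Reuse the token on every Swift call until expires_at.
                return {"url": ep["url"], "expires_at": info["expires_at"],
                        "headers": {"X-Auth-Token": token}}
    raise LookupError(f"no public object-store endpoint in region {region!r}")

# Constructed sample reply (values are made up, structure is Keystone v3).
SAMPLE_HEADERS = {"X-Subject-Token": "gAAAA-constructed-token"}
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2030-01-01T00:00:00.000000Z",
    "catalog": [
        {"type": "identity", "endpoints": [
            {"interface": "public", "region": "dallas",
             "url": "https://identity.example.test"}]},
        {"type": "object-store", "endpoints": [
            {"interface": "internal", "region": "dallas",
             "url": "https://swift-int.example.test/v1/AUTH_p1"},
            {"interface": "public", "region": "dallas",
             "url": "https://swift.example.test/v1/AUTH_p1"}]}]}})
```

Every later Swift call goes to the returned `url` with the returned `X-Auth-Token` header, so the password is sent only when a new token is needed.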
I am trying to publish SOAP APIs in WSO2 using the endpoint security scheme. I am using it as basic authorization and putting in credentials, but it seems to not be calling the backend API with those creds. Right now, as a workaround, I can pass in the basic auth headers myself, along with an OAuth2 token (in the header), to hit the published API in the store.
Am I just going about this wrong?
Using WSO2 API Manager 1.6
EDIT: I have replicated this issue in WSO2 API Manager 1.8. Viewing the packets in Wireshark, it is making the request without adding the authorization. RESTful calls with embedded authentication on the WSO2 layer seem to be working fine.
You can publish SOAP/REST APIs in WSO2 API Manager. You need to pass in the username and password, along with the Authorization header, which is the base64 encoding of (consumer key:consumer secret). You can follow the blog post [1] on how to consume a SOAP API and [2] for more information on tokens.
[1] http://charithaka.blogspot.com/2012/07/consuming-soap-service-using-wso2-api.html
[2] http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html
The blog posts [1] and [2] above refer to an older API Manager release, hence you will need to refer to the WSO2 API Manager 1.6 release documents [3] for API key generation etc. However, to find out how to publish SOAP APIs you could use the blog pointed out.
[3] https://docs.wso2.com/display/AM160
According to the documentation it only seems possible to authenticate against the Windows Azure Service Management API by attaching a certificate to each request, which I have previously uploaded to the management portal.
The new management API has been built using the Service Management API, but it uses Windows Live authentication. Is it possible to use Windows Live to get the Windows Azure subscription ID and the certificate, so I can use the same authentication mechanism the management portal uses?
What makes you think that the Service Management API uses Live ID for authentication? It is just the portal that uses Live ID for authentication.
If you dig a bit you will notice that all the service requests from the management portal are made against https://manage.windowsazure.com/Service while the base URI for the management service is: https://management.core.windows.net
So, no, you can't authenticate against the Management API with Live ID. Moreover, the Management API is not new. The portal is new. The Management API has been there for a while and is updated from time to time to reflect new services that are coming.
UPDATE AFTER THE 2 COMMENTS
Following Gaurav's explanation I will just add a simple architecture diagram (super simplified and totally my own thought, but this is how I would build it in a very minimalistic way):
[User's browser (portal)] ==> Sends XmlHttpRequest (AJAX) to ==> [Portal Service]
then
[Portal service backend] ==> signs request with predefined certificate and sends request to ==> [management.core.windows.net/subscription-id/whatever/service/command]
This actually is a very common practice to provide UI to a (web) service.
This way both conditions are implemented:
You use Live ID to authenticate with the portal
The Windows Azure Service Management API is still, and only, protected by a certificate.