IBM API Connect: How to secure rest api with crypto hash algorithm - ibm-cloud

I am using the IBM API Connect solution, and require securing the request packet with a hash signature (sha256). How is this possible?

Related

Forcing all requests to an HTTP endpoint through AWS API Gateway

I have a REST HTTP endpoint that is sitting outside of AWS, but I want to use AWS API Gateway to proxy through to that endpoint. What would be the best way to only allow requests to the HTTP endpoint to process that come through the API gateway?
One possibility would be to make your non-AWS endpoint require a client TLS certificate. AWS API Gateway can generate client certificates, and your non-AWS endpoint can:
• require a client certificate (if not provided, then ignore / don't allow)
• use the API Gateway cert public key to verify the client is your API Gateway.
This would give you good assurance that traffic to your non-AWS endpoint is only coming through the AWS API Gateway, so long as the client certificate generated by AWS is not compromised.
From the AWS FAQs:
Q: Can I verify that it is API Gateway calling my backend?
Yes. Amazon API Gateway can generate a client-side SSL certificate and make the public key of that certificate available to you. Calls to your backend can be made with the generated certificate, and you can verify calls originating from Amazon API Gateway using the public key of the certificate.
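Added example (not part of the original answer and not AWS code): one way the non-AWS backend could enforce the two checks described above, using Python's standard `ssl` module. The function names, file-path parameters and the pinned-fingerprint argument are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl
from typing import Optional


def backend_tls_context(server_cert: Optional[str] = None,
                        server_key: Optional[str] = None,
                        gateway_cert_pem: Optional[str] = None) -> ssl.SSLContext:
    """Server-side TLS context that rejects clients presenting no certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    if server_cert:
        ctx.load_cert_chain(server_cert, server_key)  # the backend's own identity
    if gateway_cert_pem:
        # Assumed path: PEM exported from API Gateway. It is the only trust
        # anchor loaded, so certificates from public CAs are not accepted.
        ctx.load_verify_locations(cafile=gateway_cert_pem)
    return ctx


def is_gateway_cert(peer_der: Optional[bytes], pinned_sha256: str) -> bool:
    """Compare the peer certificate (DER) with the pinned SHA-256 fingerprint."""
    if not peer_der:
        return False
    expected = pinned_sha256.replace(":", "").lower()
    actual = hashlib.sha256(peer_der).hexdigest()
    return hmac.compare_digest(actual, expected)


def accept_gateway_only(ctx: ssl.SSLContext, listener, pinned_sha256: str):
    """Accept one connection; return the TLS socket only for the gateway."""
    raw, _addr = listener.accept()
    try:
        tls = ctx.wrap_socket(raw, server_side=True)
    except OSError:  # includes ssl.SSLError: missing or untrusted client cert
        raw.close()
        return None
    if not is_gateway_cert(tls.getpeercert(binary_form=True), pinned_sha256):
        tls.close()
        return None
    return tls


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate, to show the pin check.
    sample = b"constructed-der-bytes"
    pin = hashlib.sha256(sample).hexdigest()
    print(is_gateway_cert(sample, pin), is_gateway_cert(b"other", pin))
```

The fingerprint pin is a second check on top of chain validation, so a change of the gateway certificate requires updating both the trust file and the pinned value.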

How do we get WSO2 ESB Tokens if API is enabled

We are using WSO2 ESB to create cloud app connections to our platform.
Our current issue: If we want to connect to any app (take salesforce as an example), we need the following details:
UserName
Password
Token
As a pre-requisite, the salesforce account should be API enabled.
We thought of using SSO in the backend to avoid (3) and (4), but it's not possible with SAML (SSO). We are looking into ways to connect and publish data to salesforce with just Username(1)/Password(2). In this process of evaluation, SSO is one of the options.
Any suggestions on how we can get the below details for APPS would be much appreciated!
• How do we get Token
• How do we accept only the accounts where APIs are enabled.
As far as I understand, what you need is to call a SAML SSO secured backend app (i.e. salesforce)? If that's the case, you may use WSO2 Identity Server for this purpose. You can obtain tokens from it. Further, you can use this guide and this to call SAML secured backends through ESB.
Hope this helps.
You can use ESB Connectors to connect with Salesforce API. You can find Salesforce SOAP connector (which uses the username, password, and security token for authentication), Salesforce REST connector (which uses OAuth protocol) and Salesforce bulk connector (which also uses OAuth protocol) at WSO2 Store.
In WSO2 we have 150+ ESB connectors to communicate with third-party APIs via ESB. You can download the connector from WSO2 Store and follow the documentation here. In connectors we have the mechanism to connect to the third-party APIs (for example, in the Salesforce SOAP-based connector we had the username/password flow, and for the Salesforce REST connector we had the OAuth 2.0 flow and the username/password flow). In all connectors you just call the init method to get the Token to access the API.

Can I set up mutual authentication between Salesforce and API Gateway?

I want to set up API Gateway to point to a Lambda function which will process outbound messages from Salesforce.
All Salesforce instances share an IP range, so the way to verify that a message is from our instance is to use a cert from Salesforce to provide mutual authentication.
I know that you can use mutual authentication between API Gateway and your backend service, but I'm not sure about between the client and API Gateway. Is this possible to set up?
API Gateway does not currently support client certificate validation (aka mutual authentication) between the client and API Gateway. We have a feature request for this on our backlog, but we can't commit to a timeline for delivering it.

strophe.js - XMPP Connect to Google account using X-OAUTH2

I am using strophe.js for implementing XMPP to connect using google account. I am already using Google OAuth for login into my application using the OAuth token.
How do I use the X-OAUTH2 mechanism to make the <auth> request using strophe, rather than providing the password for the authentication to the XMPP service.
Google's documentation for the X-OAUTH2 authentication states this is the initial <auth> request to make:
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
mechanism="X-OAUTH2"
auth:service="oauth2"
xmlns:auth="http://www.google.com/talk/protocol/auth">
base64("\0" + user_name + "\0" + oauth_token)
</auth>
I'm starting to build a client using strophe, to which I'm new too. I guess you'll need to use a proper BOSH connection manager to authenticate to the XMPP server with OAuth2. I know punjab is popular, you could try to use that, but I'm looking at Node BOSH, as mentioned here: XMPP client Not connecting - using Node Bosh server

Can I use Azure Service Bus to secure REST calls from my app?

How could Azure help me to secure my REST services? Does the Service Bus provide an easier way to secure my REST services without requiring me to install my own SSL certificate?
Yes. ServiceBus uses SSL to encrypt the connection at the transport level, and ACS for authentication and authorization. You don't need to import your own certificate for this scenario.
Here's an example of how to use the SB REST APIs with ACS enabled:
http://rickgaribay.net/archive/2012/01/19/common-service-bus-queue-operations-with-the-rest-api.aspx