API Cloud provides authorization for published APIs using basic auth. But what do we do if our back-end is also secured, using a different mechanism? In this blog I will explain how we can create an API and invoke a back-end that has been secured using a user name and password.
To demonstrate this sample I will be using a JAX-RS based service deployed in the WSO2 App Cloud. It is a basic JAX-RS application very much like the one found here. The service returns the id and name of a customer when the id is passed as a parameter, and that is the operation I will use to demonstrate the example. This service cannot be accessed unless we provide the credentials.
The service was secured in the manner explained in this blog. A security constraint tag was added to the web.xml of the JAX-RS service, so credentials are required whenever we invoke the methods of this service through our API.
First, let’s create our API to demonstrate the scenario.
1. Log in to WSO2 Cloud and navigate to the API Cloud, which will direct you to the publisher portal. If you do not have an account you can find the steps here.
2. Create a new API and use the guidelines in the image below to design the API. Give the request URI as customerservice/customers/{id} and select implement.
3. In the implement tab, give the endpoint as https://appserver.dev.cloud.wso2.com/t/backstage/webapps/customerdetailservi-default-SNAPSHOT/services/customers/customerservice and select the Endpoint Security Scheme as ‘Secured’ under ‘Show more options’.
4. Here we need to provide the credentials we used to secure our back-end service.
5. Next, the tiers were selected and the API was published to the store.
6. After the API has been successfully created, we can invoke it after subscribing to the API using an application, and observe the result.
7. Provide the value 123 for the id and click Try it. You will see a response as below.
8. Let’s remove the secured property and try to invoke the API again.
9. Go to the API Publisher and select the edit option for the API created above.
10. In the implement tab click the ‘Show more options’ link and change the endpoint security scheme to ‘Non Secured’.
11. Save and publish the API again.
12. Go back to the API Store and invoke the GET method using the id value 123. The request will be rejected as unauthorized, since the back-end cannot be accessed unless we pass the required authorization.
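The two outcomes in the steps above (a response with the ‘Secured’ scheme, an unauthorized error with ‘Non Secured’) can be reproduced offline with a small model of the gateway hop. This is an added example, not code from the original post or from WSO2: the function names, the placeholder credentials and the bearer token are constructed, and it assumes the back-end uses HTTP Basic authentication and that the gateway drops the caller's own Authorization header before forwarding.

```python
import base64
import hmac
import json

# Constructed placeholder credentials for the stand-in back-end (not from the post).
BACKEND_USER, BACKEND_PASS = "backend-user", "example-password"


def basic_header(user, password):
    """Build the value of an HTTP Basic Authorization header (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def backend(path, headers):
    """Stand-in for the secured JAX-RS service: 401 unless valid Basic credentials."""
    expected = basic_header(BACKEND_USER, BACKEND_PASS)
    supplied = headers.get("Authorization", "")
    # Constant-time comparison avoids leaking how much of the value matched.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, {"WWW-Authenticate": 'Basic realm="customerservice"'}, ""
    customer_id = path.rsplit("/", 1)[-1]
    return 200, {"Content-Type": "application/json"}, json.dumps({"id": customer_id})


def gateway_forward(path, client_headers, endpoint_security=None):
    """Model of the gateway hop (assumption): the caller's own token is not
    relayed; stored endpoint credentials are attached only when 'Secured'."""
    outbound = {k: v for k, v in client_headers.items() if k.lower() != "authorization"}
    if endpoint_security is not None:
        outbound["Authorization"] = basic_header(*endpoint_security)
    return backend(path, outbound)


def demo():
    """Return the status codes for: Secured, Non Secured, Secured with a stale password."""
    caller = {"Authorization": "Bearer constructed-access-token", "Accept": "application/json"}
    path = "/customerservice/customers/123"
    secured = gateway_forward(path, caller, (BACKEND_USER, BACKEND_PASS))
    non_secured = gateway_forward(path, caller)
    stale = gateway_forward(path, caller, (BACKEND_USER, "stale-password"))
    return secured[0], non_secured[0], stale[0]


if __name__ == "__main__":
    print(demo())
```

Basic credentials are only base64-encoded, not encrypted, so the hop from the gateway to the back-end should stay on HTTPS, as the endpoint URL in step 3 does.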
References:
[1] http://wso2.com/blogs/cloud/your-own-jax-rs-as-an-oauth-web-api-in-minutes/
[2] https://appserver.dev.cloud.wso2.com/t/backstage/webapps/customerdetailservi-default-SNAPSHOT/services/
[3] https://docs.wso2.com/display/AS530/JAX-RS+Basics
[4] http://shenavid.blogspot.com/2015/10/wso2-cloud-wso2-cloud-consists-of-two.html
[5] https://docs.wso2.com/display/APICloud/Create+and+Publish+an+API
[6] https://docs.wso2.com/display/APICloud/Subscribe+to+and+Invoke+an+API
API calls are the foundation of modern digital interactions, allowing different software systems to communicate and share data seamlessly. They're like the language that applications speak, enabling them to request and exchange information. These calls empower countless online services, from weather apps to social media, making them user-friendly and efficient. The reliability and speed of API calls are crucial, ensuring a smooth experience for users. As our digital world continues to expand, understanding and optimizing API calls remain pivotal for delivering responsive and interconnected software solutions.