apis for api management: consume and develop apps
TRANSCRIPT
APIs for API Management: Consume and Develop Apps
Lakmali Baminiwatta, Senior Software Engineer
Tharindu Dharmarathna, Associate Software Engineer
● Introduction
● Publisher REST API
● Store REST API
● Access Control and Security
● Consume APIs and Develop Apps
  ■ Register Apps and Obtain Consumer Key/Secret
  ■ OAuth Scopes
  ■ Generate Access Token
  ■ Invoke APIs
● Demo
● Q & A
● WSO2 APIM 1.10.0 is released with a new REST API for API Management.
  o Follows RESTful principles
  o Swagger API definition
  o Secured with OAuth
  o Current version: v0.9
● Apps can be developed for API Management by consuming the REST API.
● RESTful API for Publisher Operations
● Apps can be developed for API Publisher functionality by consuming the APIs
  ■ API for APIs, API for Tiers, API for Subscriptions, etc.
● API Definition is documented with Swagger 2.0
  ■ https://docs.wso2.com/display/AM1100/apidocs/publisher/
● RESTful API for Store Operations
● Apps can be developed for API Explore/Consume functionality by consuming the APIs
  ■ Subscriptions API, APIs API, Tags Collection API, Tiers Collection API, etc.
● API Definition is documented with Swagger 2.0
  ■ https://docs.wso2.com/display/AM1100/apidocs/store/
● By default the REST API is secured with OAuth 2.0
  ■ Resources are protected with OAuth Scopes
● Pluggable security mechanism
  ■ ex: XACML over Basic Authentication
1. Register the Application and obtain Consumer Key/Secret
  ● Dynamic Client Registration (DCR)
  ● Create Service Providers
2. Store Consumer Key/Secret in the Application
3. Generate Token for required scopes
  ● Preferred OAuth Grant type can be used
4. Invoke APIs with Access Token
● Dynamic Client Registration (DCR)
  ■ DCR OAuth 2.0 Profile
● Endpoint for on-the-fly client registration
● Example: Different installations of an App can get different client ID/secret pairs at installation.
  ■ WSO2 APIM exposes a DCR endpoint secured with Basic Authentication
Request:

POST /client-registration/v0.9/register
Authorization: Basic <Base64EncodedUserName:Pwd>

{
  "callbackUrl": "https://localhost:9443/restapp",
  "clientName": "rest_api_store",
  "tokenScope": "Production",
  "owner": "admin",
  "grantType": "password refresh_token",
  "saasApp": true
}

Response:

{
  "callBackURL": "https://localhost:9443/restapp",
  "jsonString": "{..}",   (app details)
  "clientId": "HfEl1jJPdg5tbtrxhAwybN05QGoa",
  "clientSecret": "l6c0aoLcWR3fwezHhc7XoGOht5Aa"
}

[Diagram: App and DCR Endpoint]
1. Register Application
2. Respond with Client ID/Secret
● Create Service Provider
  ■ Create a service provider and register the application as an OAuth 2.0 application
  ■ Specify App URL as the callback URL
  ■ Specify allowed grant types for token generation
● API resources are protected by OAuth Scopes
● Enable access control for resources by role
  ■ Scope to role mapping is stored in the registry (_system/config/apimgt/applicationdata/tenant-conf.json)
● API Definition shows required scopes to access an API resource
  ■ Ex:

    Resource    Scope
    POST /api   apim:api_create
    GET  /api   apim:api_view

● Need to obtain an Access token with required scopes
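How the two mappings on this slide combine at authorization time, as an added Python example (not code from the slides or from WSO2): the role-to-scope mapping decides which of the scopes an app requests can be issued to a given user, and the resource-to-scope mapping decides whether a token with those scopes may call a resource. The tenant-conf.json excerpt and the extra resources beyond POST /api and GET /api are constructed for the example; the "RESTAPIScopes" layout is an assumption about the registry file, and the "request only the scopes you can use" and "deny unknown resources" choices are the example's own.

```python
import json

# Constructed excerpt of the scope-to-role mapping kept in the registry at
# _system/config/apimgt/applicationdata/tenant-conf.json. The "RESTAPIScopes"
# layout is assumed for this example; the scope names come from the slides.
TENANT_CONF = json.loads("""
{
  "RESTAPIScopes": {
    "Scope": [
      {"Name": "apim:api_view",   "Roles": "admin,Internal/creator,Internal/publisher,Internal/subscriber"},
      {"Name": "apim:api_create", "Roles": "admin,Internal/creator"},
      {"Name": "apim:subscribe",  "Roles": "admin,Internal/subscriber"}
    ]
  }
}
""")

# Required scope per resource as shown on the slide, extended with one
# constructed Store resource. Keyed by (HTTP method, path).
RESOURCE_SCOPES = {
    ("POST", "/api"): "apim:api_create",
    ("GET", "/api"): "apim:api_view",
    ("POST", "/subscriptions"): "apim:subscribe",
}


def scopes_allowed_for_roles(tenant_conf, user_roles):
    """Scopes a user with these roles may be granted, per the tenant mapping."""
    allowed = set()
    wanted = set(user_roles)
    for entry in tenant_conf["RESTAPIScopes"]["Scope"]:
        roles = {r.strip() for r in entry["Roles"].split(",")}
        if roles & wanted:
            allowed.add(entry["Name"])
    return allowed


def issued_scopes(tenant_conf, user_roles, requested_scopes):
    """Scopes that end up in the token: the requested ones the user's roles permit.

    Requesting a scope the user's roles do not cover does not escalate anything;
    it is simply not issued, so apps should request only what they need.
    """
    return scopes_allowed_for_roles(tenant_conf, user_roles) & set(requested_scopes)


def authorize(method, path, token_scopes):
    """Decide whether a token carrying token_scopes may call `method path`.

    Returns (allowed, required_scope). Resources without a known scope are
    denied by default rather than treated as public.
    """
    required = RESOURCE_SCOPES.get((method, path))
    if required is None:
        return False, None
    return required in token_scopes, required


if __name__ == "__main__":
    creator = issued_scopes(TENANT_CONF, ["Internal/creator"],
                            ["apim:api_view", "apim:api_create", "apim:subscribe"])
    print("creator token scopes:", sorted(creator))
    print("creator POST /api:", authorize("POST", "/api", creator))
    subscriber = issued_scopes(TENANT_CONF, ["Internal/subscriber"],
                               ["apim:api_view", "apim:api_create", "apim:subscribe"])
    print("subscriber POST /api:", authorize("POST", "/api", subscriber))
```

The check is deliberately two-stage: even if a subscriber's app asks for apim:api_create when generating the token, that scope never reaches the token, so the later resource check fails on the token's contents rather than on the app's request.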
● Decide suitable grant type for your App
● Generate Access Token with selected grant type
  ○ Ex:
    ■ Authorization Code Grant Type: https://docs.wso2.com/display/AM1100/Generating+Access+Tokens+with+Authorization+Code+-+Authorization+Code+Grant+Type
    ■ Password Grant Type:

      curl -k -d "grant_type=password&username=appuser&password=12@ws&scope=apim:api_view" -H "Authorization: Basic SGZFbDFqSlBkZzV0YnRyeGhBd3liTjA1UUdvYTpsNmMwYW9MY1dSM2Z3ZXpIaGM3WG9HT2h0NUFh" https://127.0.0.1:8243/token
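The four steps (register via DCR, store the consumer key/secret, generate a token, invoke with the token) worked through as an added Python example; this is not code from the slides or from WSO2. It builds the DCR request, parses a DCR response constructed from the slide's values, builds the password-grant token request with the consumer key/secret as the Basic credentials (the resulting header is exactly the one in the curl example above, which shows that the Basic header is only base64 of clientId:clientSecret and therefore needs TLS), and prepares the Bearer call. Endpoint paths and JSON field names are taken from the slides, the token response fields follow RFC 6749, and the requests are only constructed here, not sent.

```python
import base64
import json
from urllib.parse import urlencode

APIM_HOST = "https://localhost:9443"          # host of the DCR endpoint (from the slides)
TOKEN_ENDPOINT = "https://127.0.0.1:8243/token"  # token endpoint (from the slides)
STORE_HOST = "http://127.0.0.1:9763"          # Store REST API host (from the slides)


def basic_auth_header(username, secret):
    """RFC 7617 Basic credentials: base64(username:secret). Encoding, not encryption."""
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_dcr_request(admin_user, admin_password, client_name, callback_url):
    """Step 1: registration call to the DCR endpoint, authenticated with a user's credentials."""
    body = {
        "callbackUrl": callback_url,
        "clientName": client_name,
        "tokenScope": "Production",
        "owner": admin_user,
        "grantType": "password refresh_token",
        "saasApp": True,
    }
    return {
        "method": "POST",
        "url": f"{APIM_HOST}/client-registration/v0.9/register",
        "headers": {"Authorization": basic_auth_header(admin_user, admin_password),
                    "Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def parse_dcr_response(response_text):
    """Step 2: pull out the consumer key/secret the app has to store securely."""
    data = json.loads(response_text)
    return data["clientId"], data["clientSecret"]


def build_password_grant_request(client_id, client_secret, username, password, scopes):
    """Step 3: password-grant token request; the app authenticates itself with Basic auth."""
    form = {"grant_type": "password", "username": username, "password": password,
            "scope": " ".join(scopes)}
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {"Authorization": basic_auth_header(client_id, client_secret),
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(form),
    }


def parse_token_response(response_text):
    """Token endpoint reply per RFC 6749: access token plus the scopes actually granted."""
    data = json.loads(response_text)
    return data["access_token"], set(data.get("scope", "").split())


def build_api_request(access_token, path):
    """Step 4: call a Store REST API resource with the Bearer token."""
    return {"method": "GET", "url": STORE_HOST + path,
            "headers": {"Authorization": f"Bearer {access_token}"}}


# Constructed DCR response using the client ID/secret shown on the DCR slide.
SAMPLE_DCR_RESPONSE = json.dumps({
    "callBackURL": "https://localhost:9443/restapp",
    "jsonString": "{}",
    "clientId": "HfEl1jJPdg5tbtrxhAwybN05QGoa",
    "clientSecret": "l6c0aoLcWR3fwezHhc7XoGOht5Aa",
})

# Constructed token response; the token value is a placeholder.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "constructed-access-token", "token_type": "Bearer",
    "expires_in": 3600, "scope": "apim:api_view",
})


if __name__ == "__main__":
    cid, csec = parse_dcr_response(SAMPLE_DCR_RESPONSE)
    token_req = build_password_grant_request(cid, csec, "appuser", "12@ws", ["apim:api_view"])
    print(token_req["headers"]["Authorization"])   # same Basic header as the slide's curl
    token, granted = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    print(build_api_request(token, "/api/am/store/v0.9/apis")["url"], sorted(granted))
```

Checking the granted scope set from the token response before calling a resource is worth doing in a real app: the server issues only the requested scopes the user's roles allow, so a missing scope shows up here rather than as a 401 later.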
● APIs can be invoked using the obtained access token
  ■ Ex: Retrieving APIs

    curl -H "Authorization: Bearer <Access Token>" http://127.0.0.1:9763/api/am/store/v0.9/apis
[Diagram: Authorization Code Grant flow between User Agent, App and Authorization Server]
1. Login Request (User Agent to App)
2. Authorization Request sent to Authorization Server
3. Authorization Code received
4. Token Generation Request
5. Access Token received
o Develop a sample app by consuming Store REST API