Eran and I had a discussion on this at Wize Commerce early last year for a similar scenario, i.e., to expose some internal service APIs to public Internet. This use case went away and we instead exposed the Thrift APIs directly for the time being, but isolated them on separate service machines.
http://people.apache.org/~thejas/thrift-0.9/javadoc/org/apache/thrift/transport/THttpClient.html is one way to redirect calls to Thrift APIs via an HTTP server. One detail to look into is what,if any. features of Thrift protocol are lost by adding the HTTP indirection layer. FWIW, there is a Quora question open on this topic - http://www.quora.com/Evernote/How-did-Evernote-secure-their-public-facing-Thrift-API as it applies to Evernote. — Jijoe On Jul 3, 2014, 5:42:50, Marlon Pierce <[email protected]> wrote: All of them. By public, I don't mean unauthenticated but public in the Evernote SDK sense. Marlon On 7/2/14, 10:56 PM, Supun Kamburugamuva wrote: > Hi Marlon, > > Could you please give some examples of Airavata APIs that needs to be > public? > > Thanks, > Supun.. > > > On Wed, Jul 2, 2014 at 2:46 PM, Marlon Pierce <mailto:[email protected] On Jul 3, 2014, 5:42:50, Marlon Pierce <[email protected]> wrote: All of them. By public, I don't mean unauthenticated but public in the Evernote SDK sense. Marlon On Jul 3, 2014, 5:42:50, Marlon Pierce <[email protected]> wrote: All of them. By public, I don't mean unauthenticated but public in the Evernote SDK sense. Marlon On Jul 3, 2014, 5:42:50, Marlon Pierce <[email protected]> wrote: All of them. By public, I don't mean unauthenticated but public in the Evernote SDK sense. Marlon On Jul 3, 2014, 5:42:50, Marlon Pierce <[email protected]> wrote: All of them. By public, I don't mean unauthenticated but public in the Evernote SDK sense. Marlon On Jul 3, 2014, 5:42:50, Marlon Pierce <[email protected]> wrote: All of them. By public, I don't mean unauthenticated but public in the Evernote SDK sense. Marlon
