Dulitha, First of all, there needs to be a Jaggery interceptor for OAuth2 token validations. Fronting Jaggery APIs with a AM layer is bulky.
Answers to two problems are in-line. On Fri, Dec 6, 2013 at 12:09 PM, Dulitha Wijewantha <[email protected]>wrote: > Hi All, > Below is an architecture diagram I came up to integrate APIM to MDM. There > are some issues with it with needs some advice. I have mentioned them below > - > > [image: Inline image 1] > If the API access is through the browser the API should be protected via a > session. If the API is accessed via APIM no protection is necessary since > it's already protected by APIM. But the hiccup in APIM scenario is -the API > doesn't know who called it (since it's doesn't have a session username). > How do we deal with the above scenario? > > Other problems are- > > - When the browser communicates via HTTP the rendering happens in the > backend. APIM has no integration here. > > Browser will go to a URL to get the HTML rendered.. right? If so, that URL can be managed. > > - When the browser calls via AJAX the MDM APIs will access directly > without APIM. This also requires a session > > AJAX calls can also call a managed URL pattern. Isn't it? > > Cheers > > On Fri, Dec 6, 2013 at 9:33 AM, Nuwan Dias <[email protected]> wrote: > >> For you to protect those APIs through the API Manager, you first have to >> publish them through the Publisher and Subscribe to them via the Store. You >> can use the APIs available on the Publisher [1] and Store [2] to create, >> update and subscribe to APIs programmatically. >> >> [1] - http://docs.wso2.org/display/AM150/Publisher+APIs >> [2] - http://docs.wso2.org/display/AM150/Store+APIs >> >> Thanks, >> NuwanD. >> >> >> On Thu, Dec 5, 2013 at 10:11 AM, Dulitha Wijewantha <[email protected]>wrote: >> >>> Hi guys, >>> I have a jaggery API set. I want to protect them with OAuth. From what I >>> can see in APIM samples - I have to add them manually via the store and go >>> through the whole lifecycle. Is there away for me to programmatically >>> protect APIs exposed (with jaggery) using APIM? >>> >>> Cheers~ >>> -- >>> Chan (Dulitha Wijewantha) >>> Software Engineer - Mobile Development >>> WSO2Mobile >>> Lean.Enterprise.Mobileware >>> * ~Email [email protected] <[email protected]>* >>> * ~Mobile +94712112165 <%2B94712112165>* >>> >>> * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * >>> >>> * ~Blog blog.dulithawijewantha.com >>> <http://dulichan.github.io/chan/>* >>> * ~Twitter @dulitharw <https://twitter.com/dulitharw>* >>> >> >> >> >> -- >> Nuwan Dias >> >> Senior Software Engineer - WSO2, Inc. http://wso2.com >> email : [email protected] >> Phone : +94 777 775 729 >> > > > > -- > Chan (Dulitha Wijewantha) > Software Engineer - Mobile Development > WSO2Mobile > Lean.Enterprise.Mobileware > * ~Email [email protected] <[email protected]>* > * ~Mobile +94712112165 <%2B94712112165>* > > * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * > > * ~Blog blog.dulithawijewantha.com > <http://dulichan.github.io/chan/>* > * ~Twitter @dulitharw <https://twitter.com/dulitharw>* > -- /sumedha b : bit.ly/sumedha
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
