+1 for the Jaggery interceptor. I started work related to intercepting jaggery APIs [1]. We will have to decide whether we are giving APIM facility to a JS function or a REST API exposed via goose.js [2].
[1] - https://github.com/dulichan/ironman.js [2] - https://github.com/dulichan/goose.js On Fri, Dec 6, 2013 at 2:46 PM, Sumedha Rubasinghe <[email protected]> wrote: > Dulitha, > First of all, there needs to be a Jaggery interceptor for OAuth2 token > validations. Fronting Jaggery APIs with a AM layer is bulky. > > Answers to two problems are in-line. > > On Fri, Dec 6, 2013 at 12:09 PM, Dulitha Wijewantha <[email protected]>wrote: > >> Hi All, >> Below is an architecture diagram I came up to integrate APIM to MDM. >> There are some issues with it with needs some advice. I have mentioned them >> below - >> >> [image: Inline image 1] >> If the API access is through the browser the API should be protected via >> a session. If the API is accessed via APIM no protection is necessary since >> it's already protected by APIM. But the hiccup in APIM scenario is -the API >> doesn't know who called it (since it's doesn't have a session username). >> How do we deal with the above scenario? >> >> Other problems are- >> >> - When the browser communicates via HTTP the rendering happens in the >> backend. APIM has no integration here. >> >> Browser will go to a URL to get the HTML rendered.. right? If so, that > URL can be managed. > How do we manage it? Are we managing the URL or are we managing the Module functions? > >> - When the browser calls via AJAX the MDM APIs will access directly >> without APIM. This also requires a session >> >> > AJAX calls can also call a managed URL pattern. Isn't it? > Yeah but we can't have OAuth in the browser right? So it has to be validated for sessions. How does it work with APIM integration? > > >> >> Cheers >> >> On Fri, Dec 6, 2013 at 9:33 AM, Nuwan Dias <[email protected]> wrote: >> >>> For you to protect those APIs through the API Manager, you first have to >>> publish them through the Publisher and Subscribe to them via the Store. You >>> can use the APIs available on the Publisher [1] and Store [2] to create, >>> update and subscribe to APIs programmatically. >>> >>> [1] - http://docs.wso2.org/display/AM150/Publisher+APIs >>> [2] - http://docs.wso2.org/display/AM150/Store+APIs >>> >>> Thanks, >>> NuwanD. >>> >>> >>> On Thu, Dec 5, 2013 at 10:11 AM, Dulitha Wijewantha <[email protected]>wrote: >>> >>>> Hi guys, >>>> I have a jaggery API set. I want to protect them with OAuth. From what >>>> I can see in APIM samples - I have to add them manually via the store and >>>> go through the whole lifecycle. Is there away for me to programmatically >>>> protect APIs exposed (with jaggery) using APIM? >>>> >>>> Cheers~ >>>> -- >>>> Chan (Dulitha Wijewantha) >>>> Software Engineer - Mobile Development >>>> WSO2Mobile >>>> Lean.Enterprise.Mobileware >>>> * ~Email [email protected] <[email protected]>* >>>> * ~Mobile +94712112165 <%2B94712112165>* >>>> >>>> * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * >>>> >>>> * ~Blog blog.dulithawijewantha.com >>>> <http://dulichan.github.io/chan/>* >>>> * ~Twitter @dulitharw <https://twitter.com/dulitharw>* >>>> >>> >>> >>> >>> -- >>> Nuwan Dias >>> >>> Senior Software Engineer - WSO2, Inc. http://wso2.com >>> email : [email protected] >>> Phone : +94 777 775 729 >>> >> >> >> >> -- >> Chan (Dulitha Wijewantha) >> Software Engineer - Mobile Development >> WSO2Mobile >> Lean.Enterprise.Mobileware >> * ~Email [email protected] <[email protected]>* >> * ~Mobile +94712112165 <%2B94712112165>* >> >> * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * >> >> * ~Blog blog.dulithawijewantha.com >> <http://dulichan.github.io/chan/>* >> * ~Twitter @dulitharw <https://twitter.com/dulitharw>* >> > > > > -- > /sumedha > b : bit.ly/sumedha > -- Chan (Dulitha Wijewantha) Software Engineer - Mobile Development WSO2Mobile Lean.Enterprise.Mobileware * ~Email [email protected] <[email protected]>* * ~Mobile +94712112165* * ~Website dulithawijewantha.com <http://dulithawijewantha.com/>* * ~Blog blog.dulithawijewantha.com <http://dulichan.github.io/chan/>* * ~Twitter @dulitharw <https://twitter.com/dulitharw>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
