Hi all, I have implemented ES Publisher REST API in order to access and perform CRUD operations on ES -BackOffice.
Each endpoint is authenticated by a valid Session-ID, passed to the endpoint in request header. In-order to obtain a session-ID we have implemented a separate authenticate REST endpoint. A user can send username and password in the POST request to this endpoint and if credentials are valid a session-id will be returned. Currently, no encryption or other (basic-aouth/aouth) authorization mechanism is yet implemented. What would be the lightweight and best way to secure this 'authentication' endpoint? Is there a particular wso2 way of doing this? Thanks! - Ayesha -- *Ayesha Dissanayaka* Software Engineer, WSO2, Inc : http://wso2.com <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> 20, Palmgrove Avenue, Colombo 3 E-Mail: [email protected] <[email protected]>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
