Thank you everyone for your valuable inputs. @Udara, These API endpoints are used by ES publisher App itself and will be invoked by authorized third party as well. In that way we have enabled accessing ES back office via remote clients as well.
According to suggestions in this thread having aouth is the best way to secure the endpoints which are exposed to third party. We will decide whether to use basic-aouth/aouth or suppot both, and update the thread on final outcome. Thanks! - Ayesha On Sat, Oct 18, 2014 at 10:27 PM, Udara Liyanage <[email protected]> wrote: > Hi, > > Having basic oauth with HTTPS is kind of secured as long as no third party > is invoking the APIs. > > > > Touched, not typed. Erroneous words are a feature, not a typo. > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Ayesha Dissanayaka* Software Engineer, WSO2, Inc : http://wso2.com <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> 20, Palmgrove Avenue, Colombo 3 E-Mail: [email protected] <[email protected]>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
