Hi All,

Currently IOT communicates with APIM components via Java/OSGi APIs and services. Therefore $subject is needed to properly decouple and make IOT cloud ready. Consider the following points where IOT uses APIM. Sub-points are how I'm planning to implement them.

*1. At server startup - It creates and publishes apis to APIM*
1.1 Creates a client using DCR-endpoint - [1]
1.2 Gets a token from token-endpoint using the consumer key/secret received from 1.1 - [2]
1.3 Creates api from publisher apis using the token received at 1.2 - [3]
1.4 Publish api (change life-cycle to PUBLISHED), using the token received at 1.2 and api-ID received from 1.3 - [4]

*2. Before an api call*
2.1 Create an app calling DCR endpoint [1] - get consumer key/secret
2.2 Get a token for the app created in 2.1 by calling token-endpoint [2]
2.3 Create auth app (needs the token received in 2.2) using publisherApi [5]
2.4 Search apis from a given tag using publisherApi [6]
2.5 Subscribe to apis (from 2.4) to the app created in 2.3 (needs the token received in 2.2) - using publisherApi [7]
2.6 Generate keys for app (2.3) (needs the token received in 2.2) - using publisherApi [8]
2.7 Get a token from token-endpoint [2] using consumer key/secret received at 2.6 above.

*3. When invoking an API - Does the key validation via APIM*
3.1 Uses the token created at 2.7

*4. When a device publishes its events to MQTT - Does the key validation via APIM* *?*

*Endpoints being called*
[1] - http://localhost:9763/client-registration/v0.9/register
[2] - https://localhost:8243/token
[3] - https://localhost:9443/api/am/publisher/v0.10/apis
[4] - https://localhost:9443/api/am/publisher/v0.10/apis/change-lifecycle?apiId=<id>
[5] - https://localhost:9443/api/am/store/v0.10/applications
[6] - https://localhost:9443/api/am/store/v0.10/apis
[7] - https://localhost:9443/api/am/store/v0.10/subscriptions
[8] - https://localhost:9443/api/am/store/v0.10/applications/generate-keys?applicationId=<id>

*Configs needed*
(1.1) - DCREndpoint, username and password of a user who has permissions to create client-app, callbackUrl, clientName, tokenScope, owner, grantType, saasApp
(1.2) - TokenEndpoint, username (password if we use password grant-type), certificate + certPassword if we use jwt grant-type
(1.3 - 1.4) - PublisherApiEndpoint
(2.1) - DCREndpoint, username and password of a user who has permissions to create client-app
(2.2) - TokenEndpoint, username (and password if we use password grant-type)
(2.3) - StoreApiEndpoint, username and password of a user who has permissions to create auth-app, throttlingTier, description, name, callbackUrl
(2.4) - StoreApiEndpoint, tags
(2.5) - StoreApiEndpoint, tier
(2.6) - StoreApiEndpoint
(2.7) - TokenEndpoint, username (password of the *logged in user* if we use password grant-type), certificate + certPassword if we use jwt grant-type

*Questions*
Q1. Can we make 1.1 and 2.1 apps to be SaaS apps?
Q2. Can we use a single (same) app for both 1.1 and 1.2?
Q3. What is the grant-type we will be using?
Q4. What would be the additional requirements if we consider multi-tenancy?
Q5. Do we perform 1.* every time the server starts up?
Q6. Can we save the token of the logged-in user in 2.7, either in-memory or in registry?

--
*Susinda Perera*
Software Engineer
B.Sc.(Eng), M.Sc(Computer Science), AMIE(SL)
Mobile: (+94)716049075
Blog: susinda.blogspot.com
WSO2 Inc. http://wso2.com/
Tel: 94 11 214 5345
Fax: 94 11 2145300
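The startup sequence 1.1 to 1.4 from the mail, as an added Python example that is not code from the mail or from the WSO2 projects: it runs DCR registration, the password-grant token call, API creation and the lifecycle change against the endpoints listed above, through an injectable transport so it can be exercised offline. The DCR field names are the config items the mail lists for 1.1 with constructed sample values; the `clientId`/`clientSecret`/`access_token`/`id` response fields, the `action=Publish` query parameter and the `apim:api_create apim:api_publish` scope names are assumptions about the APIM REST APIs.

```python
import base64
import json
import urllib.parse
import urllib.request

def http_post(url, body, headers):
    """Default transport: POST a string body and return the parsed JSON reply."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def basic_auth(user, secret):
    """HTTP Basic header value; credentials travel only in this header, never in the URL."""
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()

def register_client(dcr_url, user, password, client_name, post=http_post):
    """Step 1.1: DCR call authenticated as a user allowed to create client apps.
    Field names are the 1.1 config items from the mail; values are constructed samples."""
    payload = {"callbackUrl": "https://localhost/callback", "clientName": client_name,
               "tokenScope": "Production", "owner": user,
               "grantType": "password refresh_token", "saasApp": True}
    reply = post(dcr_url, json.dumps(payload),
                 {"Authorization": basic_auth(user, password), "Content-Type": "application/json"})
    return reply["clientId"], reply["clientSecret"]  # assumed response field names

def get_token(token_url, key, secret, user, password, scope, post=http_post):
    """Step 1.2: password grant. The client proves itself with key/secret (Basic), the
    user with username/password in the form body; scope is limited to what step 1 needs."""
    form = urllib.parse.urlencode({"grant_type": "password", "username": user,
                                   "password": password, "scope": scope})
    reply = post(token_url, form, {"Authorization": basic_auth(key, secret),
                                   "Content-Type": "application/x-www-form-urlencoded"})
    return reply["access_token"]

def create_and_publish(publisher_url, token, api_def, post=http_post):
    """Steps 1.3 and 1.4: create the API, then change its lifecycle to PUBLISHED
    (the action query parameter is an assumption about the publisher API)."""
    bearer = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    api_id = post(publisher_url, json.dumps(api_def), bearer)["id"]
    post(f"{publisher_url}/change-lifecycle?apiId={api_id}&action=Publish", "", bearer)
    return api_id

def bootstrap(cfg, post=http_post):
    """Whole startup sequence 1.1 to 1.4; the token lives only inside this call."""
    key, secret = register_client(cfg["dcrEndpoint"], cfg["username"], cfg["password"],
                                  cfg["clientName"], post)
    token = get_token(cfg["tokenEndpoint"], key, secret, cfg["username"], cfg["password"],
                      "apim:api_create apim:api_publish", post)  # assumed scope names
    return create_and_publish(cfg["publisherApiEndpoint"], token, cfg["apiDefinition"], post)
```

Calling `bootstrap(cfg)` with the real transport needs the four endpoint URLs, the admin credentials and an API definition in `cfg`; passing a recording `post` function instead lets the whole exchange be checked without a running APIM.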
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
