Adding correct architecture group.

On Fri, Jun 30, 2017 at 9:22 AM, Sachini De Silva <[email protected]> wrote:

> Hi all,
>
> Currently, API Manager uses OAuth2 to authenticate and authorize API
> requests. This assures security and is good for dealing with APIs that
> handle sensitive data. However, APIs with less critical functionalities
> can be exposed through API key authentication. Unlike access tokens used in
> OAuth2, API keys do not have an expiry time or a scope associated with
> them. So basically an API key grants unrestricted access (in time or scope)
> to the API.
>
> Option 1
>
> At application creation, the developer is given the chance to select which
> APIs he is going to access through OAuth and API key types. Then he can
> proceed to API key generation where he gets a consumer key, consumer secret
> and an access token. In the OAuth context, all these 3 keys are used. If the
> application has subscribed to any API through API key type, then the
> consumer key issued for the application can be used as the API key for
> those APIs.
>
> Figure: Option 1
>
> Option 2
>
> At application creation, the developer is given the chance to select which
> APIs he is going to access through OAuth and API key types. Then he can
> proceed to API key generation where he gets a consumer key, consumer secret
> and an access token. These will be used in calling APIs with OAuth. Then a
> one-time option is given to generate API keys for other APIs the developer
> wishes to call through API key. This can either be a separate API key for
> each API (Option 2-b) or one API key for all APIs (Option 2-a).
>
> Figure: Option 2-a
>
> Figure: Option 2-b
>
> Appreciate your comments and suggestions.
>
> Thank you,
>
> Sachini
>
> --
>
> *Sachini De Silva*
> Software Engineer - WSO2
>
> Email : [email protected]
> Mobile : +94778977970
>
> --

Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog: harshcreationz.blogspot.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
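The three issuance options in the quoted proposal, modelled as an added example (not code from the thread or from WSO2 API Manager) to show which APIs one leaked key opens under each option. The API names, the SHA-256 digest table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample application: subscription types chosen at application creation.
OAUTH_APIS = {"payments"}
APIKEY_APIS = {"news", "weather"}

def _digest(key):
    # Assumption: the gateway stores only a SHA-256 digest of each API key.
    return hashlib.sha256(key.encode()).hexdigest()

def issue(option):
    """Return (credentials given to the developer, gateway table: digest -> APIs)."""
    creds = {"consumer_key": secrets.token_urlsafe(24)}
    if option == "1":      # the consumer key doubles as the API key
        table = {_digest(creds["consumer_key"]): set(APIKEY_APIS)}
    elif option == "2-a":  # one separately generated key for all API-key APIs
        creds["api_key"] = secrets.token_urlsafe(24)
        table = {_digest(creds["api_key"]): set(APIKEY_APIS)}
    elif option == "2-b":  # one separately generated key per API
        creds["api_keys"] = {api: secrets.token_urlsafe(24) for api in APIKEY_APIS}
        table = {_digest(key): {api} for api, key in creds["api_keys"].items()}
    else:
        raise ValueError(f"unknown option {option!r}")
    return creds, table

def authorize(table, presented_key, api):
    """True only if the presented key is subscribed to this API by API key type."""
    presented = _digest(presented_key)
    allowed = set()
    for stored, apis in table.items():
        if hmac.compare_digest(stored, presented):  # constant-time comparison
            allowed |= apis
    return api in allowed

def exposure(table, leaked_key):
    """APIs a single leaked key opens (API keys carry no expiry or scope)."""
    return sorted(a for a in OAUTH_APIS | APIKEY_APIS if authorize(table, leaked_key, a))

if __name__ == "__main__":
    for option in ("1", "2-a", "2-b"):
        creds, table = issue(option)
        leaked = creds.get("api_key") or creds.get("api_keys", {}).get("weather") \
            or creds["consumer_key"]
        print(option, exposure(table, leaked))
```

Under Option 1 the value that leaks is also the application's OAuth consumer key, while under Options 2-a and 2-b the consumer key authorizes no API-key call on its own.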
