Hi Nivethika, Instead of only considering OAuth2 should we try to make this configurable ? (if not already so)
Clients using the different APIs might have a preferred way of securing APIs in an organization and they would want to use the same to access these APIs also. Thank you, Shiro On Mon, Oct 30, 2017 at 8:03 PM, Mohanadarshan Vivekanandalingam < [email protected]> wrote: > > > On Mon, Oct 30, 2017 at 12:50 PM, Damith Wickramasinghe <[email protected]> > wrote: > >> Hi Niveathika, >> >> Are we securing event simulator apis as well ? >> > > We have to secure that as well. IMO, all the core APIs need to be secured. > > Thanks, > Mohan > > > >> >> Regards, >> Damith >> >> On Mon, Oct 30, 2017 at 12:38 PM, Niveathika Rajendran < >> [email protected]> wrote: >> >>> Hi all, >>> >>> The use case in accessing Stream Processor API's are as follows, >>> >>> 1. Dashboard front end APIs >>> >>> These are API's which the user users to access dashboards he/she will >>> create. >>> >>> These will be protected by using an Authentication API through which the >>> access token obtained by the login will be split into 2 and saved as >>> cookies. Authentication API will act as a proxy for the IdPClient OSGi >>> service. >>> >>> 2. Dashboard back end API's >>> >>> These will use the IdPClient OSGi service to get the access tokens using >>> client credential grant type which can be used to access other API's with >>> Bearer authorization headers. >>> >>> >>> 2. Databridge >>> >>> Here, the data bridge authentication is only done through basic >>> authentication. Oauth2 token validation is mocked through passing token >>> requests using password grant type. This is because the events will be sent >>> with Basic authorization headers and not with Bearer headers >>> >>> >>> For more info in SP IdP integration please refer[1]. >>> >>> @Identity-Team, Could you provide feedback on the mechanisms used in >>> securing API's. >>> >>> [1] [Architecture] Securing Product Apis and Product artifacts in >>> Stream Processor >>> >>> -- >>> Best Regards, >>> *Niveathika Rajendran,* >>> *Software Engineer.* >>> *Mobile : +94 077 903 7536 <+94%2077%20903%207536>* >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "WSO2 Engineering Group" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/a/wso2.com/d/optout. >>> >> >> >> >> -- >> Senior Software Engineer >> WSO2 Inc.; http://wso2.com >> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >> lean.enterprise.middleware >> >> mobile: *+94728671315 <+94%2072%20867%201315>* >> >> > > > -- > *V. Mohanadarshan* > *Technical Lead,* > *Data Technologies Team,* > *WSO2, Inc. http://wso2.com <http://wso2.com> * > *lean.enterprise.middleware.* > > email: [email protected] > phone:(+94) 771117673 <077%20111%207673> > -- *Shiroshica Kulatilake | Director, Solutions Architecture, WSO2 Inc.+94 776523867 *
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
