On Mon, Oct 30, 2017 at 12:50 PM, Damith Wickramasinghe <[email protected]>
wrote:

> Hi Niveathika,
>
> Are we securing event simulator apis as well ?
>

We have to secure that as well. IMO, all the core APIs need to be secured.

Thanks,
Mohan



>
> Regards,
> Damith
>
> On Mon, Oct 30, 2017 at 12:38 PM, Niveathika Rajendran <
> [email protected]> wrote:
>
>> Hi all,
>>
>> The use case in accessing Stream Processor API's are as follows,
>>
>> 1. Dashboard front end APIs
>>
>> These are API's which the user users to access dashboards he/she will
>> create.
>>
>> These will be protected by using an Authentication API through which the
>> access token obtained by the login will be split into 2 and saved as
>> cookies. Authentication API will act as a proxy for the IdPClient OSGi
>> service.
>>
>> 2. Dashboard back end API's
>>
>> These will use the IdPClient OSGi service to get the access tokens using
>> client credential grant type which can be used to access other API's with
>> Bearer authorization headers.
>>
>>
>> 2. Databridge
>>
>> Here, the data bridge authentication is only done through basic
>> authentication. Oauth2 token validation is mocked through passing token
>> requests using password grant type. This is because the events will be sent
>> with Basic authorization headers and not with Bearer headers
>>
>>
>> For more info in SP IdP integration please refer[1].
>>
>> @Identity-Team, Could you provide feedback on the mechanisms used in
>> securing API's.
>>
>> [1] [Architecture] Securing Product Apis and Product artifacts in Stream
>> Processor
>>
>> --
>> Best Regards,
>> *Niveathika Rajendran,*
>> *Software Engineer.*
>> *Mobile : +94 077 903 7536 <+94%2077%20903%207536>*
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "WSO2 Engineering Group" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>
>
>
>
> --
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg>
> lean.enterprise.middleware
>
> mobile: *+94728671315 <+94%2072%20867%201315>*
>
>


-- 
*V. Mohanadarshan*
*Technical Lead,*
*Data Technologies Team,*
*WSO2, Inc. http://wso2.com <http://wso2.com> *
*lean.enterprise.middleware.*

email: [email protected]
phone:(+94) 771117673
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to