On Mon, Oct 30, 2017 at 12:50 PM, Damith Wickramasinghe <[email protected]> wrote:
> Hi Niveathika, > > Are we securing event simulator apis as well ? > We have to secure that as well. IMO, all the core APIs need to be secured. Thanks, Mohan > > Regards, > Damith > > On Mon, Oct 30, 2017 at 12:38 PM, Niveathika Rajendran < > [email protected]> wrote: > >> Hi all, >> >> The use case in accessing Stream Processor API's are as follows, >> >> 1. Dashboard front end APIs >> >> These are API's which the user users to access dashboards he/she will >> create. >> >> These will be protected by using an Authentication API through which the >> access token obtained by the login will be split into 2 and saved as >> cookies. Authentication API will act as a proxy for the IdPClient OSGi >> service. >> >> 2. Dashboard back end API's >> >> These will use the IdPClient OSGi service to get the access tokens using >> client credential grant type which can be used to access other API's with >> Bearer authorization headers. >> >> >> 2. Databridge >> >> Here, the data bridge authentication is only done through basic >> authentication. Oauth2 token validation is mocked through passing token >> requests using password grant type. This is because the events will be sent >> with Basic authorization headers and not with Bearer headers >> >> >> For more info in SP IdP integration please refer[1]. >> >> @Identity-Team, Could you provide feedback on the mechanisms used in >> securing API's. >> >> [1] [Architecture] Securing Product Apis and Product artifacts in Stream >> Processor >> >> -- >> Best Regards, >> *Niveathika Rajendran,* >> *Software Engineer.* >> *Mobile : +94 077 903 7536 <+94%2077%20903%207536>* >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "WSO2 Engineering Group" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/a/wso2.com/d/optout. >> > > > > -- > Senior Software Engineer > WSO2 Inc.; http://wso2.com > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> > lean.enterprise.middleware > > mobile: *+94728671315 <+94%2072%20867%201315>* > > -- *V. Mohanadarshan* *Technical Lead,* *Data Technologies Team,* *WSO2, Inc. http://wso2.com <http://wso2.com> * *lean.enterprise.middleware.* email: [email protected] phone:(+94) 771117673
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
