On Thu, Feb 22, 2018 at 5:33 PM, Harsha Kumara <hars...@wso2.com> wrote:
> Hi All,
> This is to discuss the security of REST APIs exposed from carbon-auth and
> carbon-apimgt components. We are mainly using OAuth as primary protection
> for the REST APIs and scopes are used as the authorization purposes.
> Currently following APIs are exposed from the components lies in these two
> main repositories.
> Protected APIs with OAuth
> - /api/am/publisher/v1.0 - Publisher REST APIs
> - /api/am/store/v1.0 - Store REST APIs
> - /api/am/admin/v1.0 - Admin REST APIs
> - /api/am/analytics/v1.0 - Analytic REST APIs
We have another REST API called core API (/api/am/core/v1.0) which is for
internal server communications. This is planned to secure by mutual ssl.
Committer and PMC Member - Apache Stratos
Senior Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>
Architecture mailing list