Hi Dumindu,

What's the reason for using a JWT instead of an opaque key? What is the information we include in the JWT?

Thanks,
Bhathiya

On Fri, Jul 26, 2019 at 1:44 PM Chathura Ekanayake <[email protected]> wrote:

> Hi Dumindu,
>
> Could you briefly mention the steps for publishing, subscribing to and invoking APIs with API Keys?
>
> According to the given description it looks like a similar approach to using client credentials grant (with JWT). Or is it that we can associate a key with an API at the publishing time?
>
> If it is the latter case, I guess we cannot do user or application based throttling or analytics with this approach.
>
> Regards,
> Chathura
>
> On Fri, Jul 26, 2019 at 12:46 PM Dumindu Kanchana <[email protected]> wrote:
>
>> API key is the simplest form of app-based security that we will be able to configure for an API.
>>
>> Securing the APIs with this method was already implemented in a few API-Manager solutions and currently I'm working to introduce this for the APIM 3.0.0.
>>
>> An API key is a string value passed by a client app to the APIM gateway. The key uniquely identifies the client app. A client app simply presents an API key with its request, then the APIM gateway checks to see that the API key is in an approved state for the API being requested and allows/denies based on the validation.
>>
>> We are going to use a JWT to represent the APIKey which will be generated from the APIM-Store. This self-contained API Key will be validated from the gateway before allowing a resource to be consumed.
>>
>> In order to use this feature, we need to,
>>
>> 1. APIKey security enabled for the API.
>> 2. An application created in the store to generate an API key
>>
>> As the initial steps, I'm working to develop the Store/Publisher REST APIs and the backend implementation. We are also going to support API Key revocation for this feature.
>>
>> [1] Mail - "API key support"
>> [2] Invitation: Discussion on integrating API-Key feature for AM-3.0.0 @ Wed Jul 10, 2019
>>
>> Thanks,
>> --
>> *Dumindu Kanchna*
>> Software Engineer | WSO2
>>
>> Email : [email protected]
>> Mobile : +94766958493
>> Web : https://wso2.com
>>
>> <http://wso2.com/signature>

--
*Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
(m) +94 71 547 8185 | (e) bhathiya-@t-wso2-d0t-com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
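
The gateway-side check described in the quoted proposal (a self-contained JWT API key checked for signature, approved API and revocation), as an added example that is not part of the thread and is not WSO2 code. The HS256 signing, the claim names `application`, `apis`, `jti` and `exp`, and the in-memory revocation set are assumptions made for illustration; the thread does not specify any of them.

```python
import base64, hashlib, hmac, json, time

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_key(secret: bytes, claims: dict) -> str:
    """Stand-in for the store side: sign the claims as a compact HS256 JWT."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def validate_key(token, api, secret, revoked_jtis, now=None):
    """Gateway side: return (allowed, reason) for a request to `api`."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        given = b64d(sig)
    except (ValueError, TypeError):
        return False, "malformed"
    # Pin the algorithm; the token must never choose it (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "bad algorithm"
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        return False, "bad signature"
    claims = json.loads(b64d(body))  # trusted only after the signature check
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("jti") in revoked_jtis:  # hypothetical revocation list
        return False, "revoked"
    if api not in claims.get("apis", []):  # hypothetical per-API approval claim
        return False, "api not allowed"
    return True, "ok"

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample values throughout
    key = issue_key(secret, {"application": "demo-app", "apis": ["PizzaAPI"],
                             "jti": "key-0001", "exp": time.time() + 3600})
    print(validate_key(key, "PizzaAPI", secret, set()))
    print(validate_key(key, "PizzaAPI", secret, {"key-0001"}))
```

Because the key is self-contained, signature, expiry and API scope are checked locally; only revocation needs state that the gateway must be kept up to date with.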
