Hi all,

While researching, I found that Yahoo provides an API proxy service, and it
adopts an SQL-like language. Please see [1].

In our implementation, we can also adopt the same. For example, the
SPA just needs to send a query parameter like [2].

If so, a request from the SPA to our APIProxy will look like [3].

WDYT?

Best,
Thilina

[1] https://developer.yahoo.com/yql/guide/overview.html
[2] select name,age,city from https://some.third.party.api.com
[3] https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"&query="select
name,age,city from https://some.third.party.api.com";

On Fri, Nov 17, 2017 at 11:23 AM, Thilina Madumal <[email protected]>
wrote:

> Hi Ruwan,
>
>
> On Fri, Nov 17, 2017 at 11:20 AM, Ruwan Abeykoon <[email protected]> wrote:
>
>> Hi Thilina,
>> Can you try implementing this with Ballerina. This should be a simple
>> case for Ballerina.
>>
>
> Yep, I'm looking into it.
>
>
>>
>> Cheers,
>> Ruwan
>>
>> On Fri, Nov 17, 2017 at 11:16 AM, Thilina Madumal <[email protected]>
>> wrote:
>>
>>> Hi Roshan,
>>>
>>>
>>> On Fri, Nov 17, 2017 at 11:00 AM, roshan wijesena <[email protected]
>>> > wrote:
>>>
>>>> Can you please explain more about this API-proxy? Is it only for
>>>> decrypting the token?
>>>>
>>>
>>> Actually, this proxy has two parts, LoginProxy and APIProxy.
>>> The LoginProxy part does the authentication and authorization of the user on
>>> behalf of the SPA.
>>> APIProxy mediates the calls to third-party APIs as requested by the SPA
>>> by decrypting the access_token.
>>>
>>> The ultimate goal is, when developing an SPA where there is no attached
>>> server-side, the developer just needs to call the necessary APIs of the
>>> proxy.
>>> Then the proxy will do the rest.
>>>
>>>
>>>>
>>>> APIM 3.0.X has SPAs for its publisher and store apps; have a look at
>>>> the security implementation of it. AFAIK, there is no API proxy in that
>>>> implementation.
>>>>
>>>> On Thu, Nov 16, 2017 at 11:06 PM, Thilina Madumal <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Devs,
>>>>>
>>>>> The idea of an API-Proxy for Single Page Applications is quite helpful
>>>>> in mitigating inherent security risks of keeping the access_token in the
>>>>> browser side as plain text.
>>>>>
>>>>> Here the idea is to keep the access_token encrypted and set in a
>>>>> cookie. API-Proxy will mediate all the calls for the third-party APIs by
>>>>> decrypting the access_token value and calling the requested third-party
>>>>> APIs with the decrypted access_token.
>>>>>
>>>>> This is a significantly valuable use-case for the SPAs where there is
>>>>> no attached server-side other than the container which is used to
>>>>> facilitate the initial page download.
>>>>>
>>>>> I'm in the requirement gathering phase. Would appreciate your
>>>>> suggestions on,
>>>>>
>>>>>    - what are the nice to have capabilities in API-Proxy
>>>>>    - what are the complexities that will arise while implementing this
>>>>>    - how to achieve the third-party API call mediation
>>>>>    - Is this a valid use-case
>>>>>    - or is this a redundant effort
>>>>>    - are there any alternatives
>>>>>    - and etc.
>>>>>
>>>>> This is an open invitation to shoot whatever pops into your mind in
>>>>> this regard :)
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> Cheers,
>>>>> Thilina
>>>>> --
>>>>> *Thilina Madumal*
>>>>> *Software Engineer | **WSO2*
>>>>> Email: [email protected]
>>>>> Mobile: +94 774553167
>>>>> Web: http://wso2.com
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect**,*
>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>> *lean.enterprise.middleware.*
>>
>>
> Thanks,
> Thilina
>
>


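Added example, not part of the original thread or of any WSO2 code: one way an APIProxy could check the `query` parameter proposed in [2] and [3] before attaching the decrypted access_token, so that the token is only ever forwarded to API hosts registered for the calling app. The names `ALLOWED_HOSTS`, `plan_request` and `QueryRejected` are hypothetical, and the per-app host allow-list is an assumption that the thread does not discuss.

```python
import re
from urllib.parse import urlsplit

# Assumption: each registered SPA (keyed by its app id) declares the API hosts
# the proxy may call on its behalf. Constructed sample data.
ALLOWED_HOSTS = {"appIdCode": {"some.third.party.api.com"}}

# Accepts only the shape shown in [2]: select <field>[,<field>...] from <url>
QUERY_RE = re.compile(
    r"select\s+(?P<fields>[A-Za-z_]\w*(?:\s*,\s*[A-Za-z_]\w*)*)\s+from\s+(?P<url>\S+)",
    re.IGNORECASE,
)


class QueryRejected(ValueError):
    """Raised when the proxy must not forward the request."""


def plan_request(app_id, query):
    """Parse 'select a,b from <url>'; return (fields, url) if forwarding is allowed."""
    m = QUERY_RE.fullmatch(query.strip())
    if m is None:
        raise QueryRejected("query does not match 'select <fields> from <url>'")
    fields = [f.strip() for f in m.group("fields").split(",")]
    try:
        parts = urlsplit(m.group("url"))
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError as exc:
        raise QueryRejected(f"malformed URL: {exc}") from exc
    if parts.scheme.lower() != "https":
        raise QueryRejected("only https targets may receive the access_token")
    if parts.username is not None or parts.password is not None:
        raise QueryRejected("userinfo in the URL is not allowed")
    if port not in (None, 443):
        raise QueryRejected("non-default port is not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS.get(app_id, set()):
        raise QueryRejected(f"host {host!r} is not registered for app {app_id!r}")
    # Rebuild the URL from validated parts instead of reusing the raw string.
    url = f"https://{host}{parts.path or '/'}"
    if parts.query:
        url += "?" + parts.query
    return fields, url
```

The proxy would call `plan_request` with the app id resolved from the `code` parameter and issue the outbound call only to the returned URL, with redirects disabled or re-validated the same way.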