Actually in our case the requests to third-party APIs that we get would look
like the following,

https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"&query="get
name:name,age:18,city:colombo from https://some.third.party.api.com";

https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"&query="post
name:name,age:18,city:colombo from https://some.third.party.api.com";



On Fri, Nov 17, 2017 at 3:41 PM, Thilina Madumal <[email protected]>
wrote:

> Hi all,
>
> While researching I found that Yahoo provides an API proxy service and it
> adopts an SQL-like language. Please see [1].
>
> In our implementation, we can also adopt the same. For example, from the
> SPA it just needs to send a query parameter like [2].
>
> If so, a request from the SPA to our APIProxy will look like [3].
>
> WDYT?
>
> Best,
> Thilina
>
> [1] https://developer.yahoo.com/yql/guide/overview.html
> [2] select name,age,city from https://some.third.party.api.com
> [3] https://wso2.is:9443/oauth_proxy/api_proxy?code="appIdCode"&query="select
> name,age,city from https://some.third.party.api.com";
>
> On Fri, Nov 17, 2017 at 11:23 AM, Thilina Madumal <[email protected]>
> wrote:
>
>> Hi Ruwan,
>>
>>
>> On Fri, Nov 17, 2017 at 11:20 AM, Ruwan Abeykoon <[email protected]> wrote:
>>
>>> Hi Thilina,
>>> Can you try implementing this with Ballerina? This should be a simple
>>> case for Ballerina.
>>>
>>
>> Yep, I'm looking into it.
>>
>>
>>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Fri, Nov 17, 2017 at 11:16 AM, Thilina Madumal <[email protected]>
>>> wrote:
>>>
>>>> Hi Roshan,
>>>>
>>>>
>>>> On Fri, Nov 17, 2017 at 11:00 AM, roshan wijesena <
>>>> [email protected]> wrote:
>>>>
>>>>> Can you please explain more about this API-proxy? Is it only for
>>>>> decrypting the token?
>>>>>
>>>>
>>>> Actually this proxy has two parts, LoginProxy and APIProxy.
>>>> The LoginProxy part does the authentication and authorization of the user on
>>>> behalf of the SPA.
>>>> APIProxy mediates the calls to third-party APIs as requested by the SPA
>>>> by decrypting the access_token.
>>>>
>>>> The ultimate goal is, when developing an SPA where there is no attached
>>>> server-side, the developer just needs to call the necessary APIs of the
>>>> proxy.
>>>> Then the proxy will do the rest.
>>>>
>>>>
>>>>>
>>>>> APIM 3.0.X has SPAs for its publisher and store apps, have a look at
>>>>> the security implementation of it. AFAIK, there is no API proxy in that
>>>>> implementation.
>>>>>
>>>>> On Thu, Nov 16, 2017 at 11:06 PM, Thilina Madumal <[email protected]
>>>>> > wrote:
>>>>>
>>>>>> Hi Devs,
>>>>>>
>>>>>> The idea of an API-Proxy for Single Page Applications is quite
>>>>>> helpful in mitigating inherent security risks of keeping the access_token
>>>>>> in the browser side as plain text.
>>>>>>
>>>>>> Here the idea is to keep the access_token encrypted and set in a
>>>>>> cookie. API-Proxy will mediate all the calls for the third-party APIs by
>>>>>> decrypting the access_token value and calling the requested third-party
>>>>>> APIs with the decrypted access_token.
>>>>>>
>>>>>> This is a significantly valuable use-case for the SPAs where there is
>>>>>> no attached server-side other than the container which is used to
>>>>>> facilitate the initial page download.
>>>>>>
>>>>>> I'm in the requirement gathering phase. Would appreciate your
>>>>>> suggestions on,
>>>>>>
>>>>>>    - what are the nice to have capabilities in API-Proxy
>>>>>>    - what are the complexities that will arise while implementing
>>>>>>    this
>>>>>>    - how to achieve the third-party API call mediation
>>>>>>    - Is this a valid use-case
>>>>>>    - or is this a redundant effort
>>>>>>    - are there any alternatives
>>>>>>    - and etc.
>>>>>>
>>>>>> This is an open invitation to shoot whatever pops into your mind in
>>>>>> this regard :)
>>>>>>
>>>>>> Thanks in advance.
>>>>>>
>>>>>> Cheers,
>>>>>> Thilina
>>>>>> --
>>>>>> *Thilina Madumal*
>>>>>> *Software Engineer | **WSO2*
>>>>>> Email: [email protected]
>>>>>> Mobile: *+ <+94%2077%20767%201807>94 774553167*
>>>>>> Web:  <http://goog_716986954>http://wso2.com
>>>>>>
>>>>>> <http://wso2.com/signature>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Ruwan Abeykoon*
>>> *Associate Director/Architect**,*
>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>> *lean.enterprise.middleware.*
>>>
>>>
>> Thanks,
>> Thilina
>>
>>
>>
>
>
>
>


-- 
*Thilina Madumal*
*Software Engineer | **WSO2*
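Added example, not part of the thread or of WSO2's code: a parser for the query parameter shapes shown in the messages above. It checks the target URL before the proxy would attach the decrypted access_token to an outgoing call. The function name, the ALLOWED_HOSTS set, the grammar inferred from the sample requests and the select-to-GET mapping are all assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the proxy may forward the decrypted access_token to.
ALLOWED_HOSTS = {"some.third.party.api.com"}

# <verb> <fields> from <url>, the shape used in the thread's sample requests.
QUERY_RE = re.compile(r"^(select|get|post)\s+(\S+)\s+from\s+(\S+)$", re.IGNORECASE)
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


class QueryError(ValueError):
    """Raised when the query is malformed or targets a host that is not allowed."""


def parse_proxy_query(query):
    """Parse the query into (method, fields, target_url) or raise QueryError."""
    m = QUERY_RE.match(query.strip())
    if not m:
        raise QueryError("query does not match '<verb> <fields> from <url>'")
    verb, field_spec, target = m.group(1).lower(), m.group(2), m.group(3)

    fields = {}
    for item in field_spec.split(","):
        name, sep, value = item.partition(":")
        if not NAME_RE.match(name):
            raise QueryError(f"bad field name: {name!r}")
        # 'select' lists names only; 'get' and 'post' carry name:value pairs.
        if (verb == "select") == bool(sep):
            raise QueryError(f"field {item!r} has the wrong form for {verb}")
        fields[name] = value if sep else None

    url = urlsplit(target)
    # The token rides on the outgoing call, so the destination must be https,
    # carry no userinfo, and be a host the proxy is configured to trust.
    if url.scheme != "https" or "@" in url.netloc:
        raise QueryError("target must be an https URL without userinfo")
    if url.hostname not in ALLOWED_HOSTS:
        raise QueryError(f"target host not allowed: {url.hostname!r}")

    # Assumption: 'select' and 'get' both map to HTTP GET.
    method = "POST" if verb == "post" else "GET"
    return method, fields, target
```
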