wso2 Api gateway - encryption

I am trying to find answers to a few questions regarding WSO2.
Does the WSO2 API gateway accept encrypted JSON messages and have the capability to decrypt them?
Is the WSO2 API gateway capable of calling 2 APIs in a sequence? E.g., can the API gateway call Api1 and, depending on the response, call Api2?
I am not able to find these in any of the documentation. Kindly suggest.

Yes.
Both of your requirements are possible with mediation sequences. You can implement the sequence as per your requirement and deploy them in APIM gateway.
Please refer to the following documentation:
Message mediation: https://docs.wso2.com/display/ESB500/Mediating+Messages
Dynamic endpoints: https://docs.wso2.com/display/AM210/Working+with+Endpoints
Adding a mediation sequence to your API: https://docs.wso2.com/display/AM210/Adding+Mediation+Extensions

Related

WSO2: Can IS access token be used for APIM access token for APIs for same users?

When integrating the WSO2 Identity Server (5.6.0) and WSO2 APIM (2.5.0), I came across one scenario where I want the token which I am generating while logging into IS to also be used for invoking APIs in APIM which are created by the same user.
I am creating a user in IS and it is getting reflected in APIM, but the token which is generated for IS is getting saved in IDN_OAUTH2_ACCESS_TOKEN of the IS DB, and for APIM, while invoking any APIs for the same user, the tokens are getting saved in IDN_OAUTH2_ACCESS_TOKEN of APIM.
I want to use the same token which was generated in IS to invoke APIs which the same user created in APIM.
Any guidance in this direction will help me to understand.
Thanks
In a distributed deployment of APIM, you can use IS as the key manager node. The following document explains how to set it up.
https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager
This document explains (step 3) how to share databases between APIM and IS. You can use the same to achieve what you want.
In short, you need to configure IS to use the APIM DB (shared between 2 nodes) instead of its own IS DB.
You also have to map the Application in the API store to the OAuth app you have created in IS. See this doc for that.
https://docs.wso2.com/display/AM260/Provisioning+Out-of-Band+OAuth+Clients

Best pattern to call AWS API from Elm SPA?

I'm developing an application following quite closely Feldman Elm SPA example with the API hosted on AWS API Gateway. My problem is the following:
I need to sign my API calls with AWS API Signature v4. It is a less trivial task than I initially thought in Elm:
There is no Elm AWS signature package, so I naturally looked at JS libraries to use via Ports.
Option 1: Use AWS Amplify API that does all the job => But then how to process the result in the most Elm-esque way (ideally with RemoteData).
Option 2: Use a third-party JS library just to sign the request forged by Elm Http.request and send/process the HTTP request via Elm => So far I found only buggy implementations of AWS Sigv4, I would prefer an official implementation anyway.
In the 2 cases, I'm stuck with the Main Parent / Page Children communication: I can send the request 1) or 2) via Port from the Child. But then, how can the Child receive the response to its request? Indeed, all responses go into Elm via the same port subscription. Do I need to 'tag' the outgoing requests and then dispatch the response based on the tag? But it will look horrible and won't scale well.
Please note that it is a question about App pattern and architecture. It is not a basic question about Elm Ports (I already successfully call the API from Elm).
Any recommendations or pointers appreciated. Thanks!
Additional info about my setup (following the first comment)
I follow the AWS best practices (scenario #3 Access Resources with API Gateway and Lambda with a User Pool)
Front-end App users are managed by:
Cognito User Pool (signup, sign-in, etc...)
Cognito Identity Pool (map users with IAM role to access AWS resources, including the API Gateway)
Back-end is Serverless: API Gateway + Lambda functions
API Gateway: Lambda proxy integration + Authorization = IAM => this requires the AWS Signature
I don't use API keys because:
I don't want to provide any access to the back-end to unauthenticated users
I need to identify the user from the request headers
I don't want to rely on long-term secrets for authentication on client side

How to send data from rest api to a kaa server

How to send data from a REST API to a Kaa server without using the SDK?
Is the above possible, or can I only push new data using the SDK?
I tried to use the API methods but I don't know which is the appropriate one.
Don't think you would be able to use anything other than example SDK to send data to Kaa. Kaa SDKs have implicit info about the schemas used in the kaa server. You can use a sample SDK and modify for your own use.
REST log appender provided with kaa is very easy to use. If you face any problem then you can search for other questions related to kaa REST log appender and you would be able to find a solution. If not, pls ask for help on your specific error msg or issue. You can also refer to the question asked here

How to protect REST API with wso2 IS?

I now have a NodeJS REST API. It is CRUD service.
Does anyone know how to secure/protect my APIs step by step with wso2 OAuth2?
If you simply want to protect your REST API with OAuth2 use the WSO2 API Manager.
You can follow the quick start guide to get started.
Details related to adding your API and enabling OAuth2 protection are mentioned here in the quick start guide.

How to use API gateway as target endpoint in APIGEE

I have so far seen no online resources to invoke an AWS API Gateway API from APIGEE. I always get the following when I trace:
{
  "fault": {
    "faultstring": "The Service is temporarily unavailable",
    "detail": {
      "errorcode": "messaging.adaptors.http.flow.ServiceUnavailable"
    }
  }
}
I have followed the following resource from APIGEE webinars here link
and was unsuccessful.
You can put your API invocation endpoint in API Gateway as target endpoint in APIGEE like a HTTP proxy.
Doing a callout to the AWS api is tricky because you'll need to generate an access token.
It might be easier to orchestrate that in a JavaScript callout to make the call (so you can calculate headers and your SHA keys) then set the token as a flow variable and do your callouts from there.
In terms of API Gateway integration, at a minimum the APIGEE client will need to be configured to:
Support SNI
Sign the request with AWS SigV4 if "AWS_IAM" auth is enabled for the API method
SSL handshake failures are often a result of missing SNI support in the client.
Any APIGEE implementation specifics may be better fielded by APIGEE support.
Cheers,
Ryan
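
The SigV4 signing step named in the answers above (and in Option 2 of the Elm question earlier on this page), as an added example that is not part of the original posts: a header signer for Node.js using only the built-in crypto module. The function names, host, path, credentials and session token are assumptions made up for illustration.

```javascript
// Added example (not from the original posts): a minimal SigV4 header signer for Node.js.
const nodeCrypto = require('crypto');

const sha256Hex = (data) => nodeCrypto.createHash('sha256').update(data, 'utf8').digest('hex');
const hmac = (key, data) => nodeCrypto.createHmac('sha256', key).update(data, 'utf8').digest();
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// kSigning = HMAC(HMAC(HMAC(HMAC("AWS4"+secret, date), region), service), "aws4_request")
function deriveSigningKey(secretKey, dateStamp, region, service) {
  const kDate = hmac('AWS4' + secretKey, dateStamp);
  return hmac(hmac(hmac(kDate, region), service), 'aws4_request');
}

// Assumes `path` is an already-encoded absolute path and `query` has unique keys.
function signRequest({ method, host, path = '/', query = {}, body = '',
                       region, service, amzDate, creds }) {
  const headers = { host, 'x-amz-date': amzDate };
  // Temporary credentials (e.g. from a Cognito Identity Pool) carry a session token.
  if (creds.sessionToken) headers['x-amz-security-token'] = creds.sessionToken;
  const names = Object.keys(headers).sort();
  const canonicalHeaders = names.map((n) => `${n}:${headers[n].trim()}\n`).join('');
  const signedHeaders = names.join(';');
  const canonicalQuery = Object.keys(query).sort()
    .map((k) => `${enc(k)}=${enc(query[k])}`).join('&');
  const canonicalRequest = [method, path, canonicalQuery, canonicalHeaders,
    signedHeaders, sha256Hex(body)].join('\n');
  const dateStamp = amzDate.slice(0, 8);
  const scope = `${dateStamp}/${region}/${service}/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope,
    sha256Hex(canonicalRequest)].join('\n');
  const key = deriveSigningKey(creds.secretKey, dateStamp, region, service);
  const signature = hmac(key, stringToSign).toString('hex');
  headers.authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return { headers, canonicalRequest, signature };
}

// Constructed sample: GET on an API Gateway method with AWS_IAM authorization
// (service name "execute-api"); host, keys and token are placeholders.
const sample = signRequest({
  method: 'GET', host: 'abc123.execute-api.us-east-1.amazonaws.com',
  path: '/prod/items', query: { limit: '10' },
  region: 'us-east-1', service: 'execute-api', amzDate: '20240101T000000Z',
  creds: { accessKeyId: 'AKIDEXAMPLE', secretKey: 'EXAMPLE-SECRET-KEY',
           sessionToken: 'EXAMPLE-SESSION-TOKEN' },
});
console.log(sample.headers.authorization);
```

The crypto calls are Node.js-specific; another runtime needs its own SHA-256 and HMAC primitives for the same steps.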
For Apigee, if you are on the Free plan there is no SNI support. So if you are trying to make an HTTPS request it won't happen, you'll need to upgrade your account to make it work.
You can find more details from Apigee here: https://community.apigee.com/questions/9237/apigee-proxie-with-amazon-gateway-api-503-service.html
