I now have a NodeJS REST API. It is a CRUD service.
Does anyone know how to secure/protect my APIs step by step with WSO2 OAuth2?
If you simply want to protect your REST API with OAuth2, use the WSO2 API Manager.
You can follow the quick start guide to get started.
Details related to adding your API and enabling OAuth2 protection are mentioned here in the quick start guide.
Related
When integrating the WSO2 Identity Server (5.6.0) and WSO2 APIM (2.5.0), I came across one scenario where I want the token which I am generating while logging into IS to also be used for invoking APIs in APIM which are created by the same user.
I am creating a user in IS and it is getting reflected in APIM, but the token which is generated for IS is getting saved in IDN_OAUTH2_ACCESS_TOKEN of the IS DB, and for APIM, while invoking any APIs for the same user, the tokens are getting saved in IDN_OAUTH2_ACCESS_TOKEN of APIM.
I want to use the same token which was generated in IS to invoke APIs which the same user created in APIM.
Any guidance in this direction will help me to understand.
Thanks
In a distributed deployment of APIM, you can use IS as the key manager node. The following document explains how to set it up.
https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager
This document explains (step 3) how to share databases between APIM and IS. You can use the same to achieve what you want.
In short, you need to configure IS to use the APIM DB (shared between 2 nodes) instead of its own IS DB.
You also have to map the Application in the API store to the OAuth app you have created in IS. See this doc for that.
https://docs.wso2.com/display/AM260/Provisioning+Out-of-Band+OAuth+Clients
I need to add multiple API publishers and stores, but I don't want to use the WSO2 UI to add them one by one.
How can I use a program to add all the API publishers and stores?
Thank you.
You can use the APIs published by WSO2. Take a look at their documentation.
Before you make any API calls, you have to call the following APIs to receive the scope and access_token:
Register your application using /register (the client from which you will be making API calls needs to be verified).
Get access_token using /token API.
I wanted to secure my microservices built in API Connect using OAuth; for that I need to use DataPower as the authorization server.
Is there any step-by-step document/example to configure API Connect to use the DataPower Gateway API gateway?
Any help will be appreciated.
Using the API Designer from API Connect, you can create OAuth-based security for your microservice app that uses DataPower as the OAuth provider. Are you familiar with the API Designer and the API Connect toolkit?
OAuth 2.0 is supported by the Micro Gateway only from version 5.0.3 and onwards but as you have DataPower you are fine. The interface/GUI is much better though in later versions of v5.
Did you see this: https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.toolkit.doc/tutorial_apionprem_security_OAuth.html
Or this:
https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.toolkit.doc/tapim_sec_api_config_scheme_oauth_endpoint.html
Check out Lab 4 here:
https://github.com/ibm-apiconnect/pot-onprem-docs/tree/master/lab-guide
The Lab software/setup is also found in that GitHub account!
Reinstalling and configuring DataPower worked for me, so I conclude that there was a problem with the initial configurations.
I am using WSO2 API Manager to expose a few APIs, but I don't want the consumers to use the API Store for subscriptions. The creation of subscriptions/applications and access tokens should be managed through my custom web application.
I have checked the WSO2 API Manager docs https://docs.wso2.com/display/AM210/apidocs/store/ and imported the Swagger definition into SoapUI. When I try to invoke the Store API of my local API Manager, I get the HTML content of the API Store page. See the screenshot below.
Can anyone please help me with what I am doing wrong? Or is there any other way to meet the requirement?
You need to pass the token, which is generated by passing the scope, client secret key and password, as described in https://docs.wso2.com/display/AM210/apidocs/store/#guide
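The register-then-token sequence that both WSO2 answers above refer to (the /register and /token steps, and the token built from scope, client secret and password), written out as an added example that is not part of the original posts or WSO2's own code. The host names, ports, registration path, callback URL, client name and JSON field names are assumptions for a default local API Manager 2.x install; the scope value is whatever the REST API guide lists for the call you want to make.

```javascript
// Added example. ASSUMPTIONS: URLs, registration path and JSON field names match
// a default local API Manager 2.x install; verify them in your version's guide.
const CFG = {
  registerUrl: "https://localhost:9443/client-registration/v0.11/register",
  tokenUrl: "https://localhost:8243/token",
};

const basic = (id, secret) =>
  "Basic " + Buffer.from(`${id}:${secret}`, "utf8").toString("base64");

// Step 1 (/register): create an OAuth client, authenticating as the user.
function buildRegisterRequest(user, password, clientName) {
  return {
    url: CFG.registerUrl, method: "POST",
    headers: { Authorization: basic(user, password), "Content-Type": "application/json" },
    body: JSON.stringify({ callbackUrl: "https://localhost/callback", clientName,
      owner: user, grantType: "password refresh_token", saasApp: true }),
  };
}

// Step 2 (/token): password grant. Client id/secret go in the Basic header,
// user credentials and the requested scope go in the form-encoded body.
function buildTokenRequest(clientId, clientSecret, user, password, scope) {
  const form = new URLSearchParams({ grant_type: "password", username: user, password, scope });
  return {
    url: CFG.tokenUrl, method: "POST",
    headers: { Authorization: basic(clientId, clientSecret),
      "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Step 3: each Store/Publisher REST call then carries the token as a Bearer header.
const bearer = (accessToken) => ({ Authorization: `Bearer ${accessToken}` });

// Sends a built request; rejects any reply that is not successful JSON (e.g. an HTML page).
async function send(req) {
  const res = await fetch(req.url, req);
  const type = res.headers.get("content-type") || "";
  if (!res.ok || !type.includes("json")) throw new Error(`unexpected reply: ${res.status} ${type}`);
  return res.json();
}

async function getAccessToken(user, password, scope) {
  const client = await send(buildRegisterRequest(user, password, "custom_portal"));
  const tok = await send(buildTokenRequest(client.clientId, client.clientSecret, user, password, scope));
  return tok.access_token;
}
```

Pass the user name and password in from the environment or a secret store rather than hard-coding them, and request only the scope the custom application needs.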
I am implementing Cloud Endpoints with a Python app. I need to expose the REST API in a secure way over HTTPS (this is automatic). The consumer of this endpoint will be a Java application (not a web browser or an Android or iOS app), and my question is whether there is any way to limit the consumption of these services to only that application.
I've seen "Service Account" OAuth, but I don't know if I can use it for this problem, and if it is possible, I don't know how to configure it.
Thanks a lot.