I'm currently trying to solve one issue in wso2 API manager v1.9.
I'm login to publisher and create an API i,e SampleAPI, in the design phase I have added 3 GET resources /sample1,/sample2 and /Sample3 respectively.
and implement phase, provided a production endpoint e.g http://test/sample/1.0 and finally in the manage phase provided tier details and rest are all default setting, after that I saved and published the API.
Then I'm login to Carbon console and modified the /sample2 and /sample3 resource endpoint to http://test/sample/45 and http://test/sample/46 respectively and saved the synapse configuration.
Upto this step is everything is ok, I have tested all the resources is working fine.
Later I have added another resource to the same API , so what I did, login to publisher and edit the SampleAPI and added another GET resource /sample4 and saved the configuration and again login to carbon console and try to add endpoint for /sample4 resource, then what I noticed, all the resources are reset to default endpoint, which I had provided during API configuration.
Could you please suggest how to handle this scenario? I want to keep all the configured endpoint details for each resources instead of reset to default endpoint even I add a new resource to the same API.
Related
How can HTTP queries be run in the Azure Monitor workbooks?
I read all the documentation here and still can not find how could I use my application health checks http endpoints to report on my application status in an Azure Monitor woorkbook.
I have an ASP.NET application if it matters. It exposes endpoints which I would like to call from the workbook and do different visualizations depending on the data returned.
You'd use the "Custom Endpoint" data source in the Query step.
https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-data-sources#custom-endpoint
The endpoint needs to support CORS, because the calls would be coming from the azure portal, and also needs to support https, because the portal itself is loaded via https.
The endpoint is also expected to return JSON content, and then you can use JSONPath inside the settings of the custom endpoint's Result Settings tab to transform it into grid data.
I have a question regarding Autodiscovery, and adding code fragments of policies to an API specification.
Using Autodiscovery, we can apply policies and it will be applicable to the deployed application. For example Rate limiting policy applied through Autodiscovery will work fine to manage the access of our API.
Then what is the purpose of adding Client id enforcement or adding the code snippet of this policy to the API RAML? Does this mean that once the RAML changes are done, we again need to update out code to include this new RAMl from exchange and redeploy our application?
The purpose of the snippet is to document that client_id and client_secret have to be send as part of the HTTP request to the REST API. It will also make APIKit validate that it is receiving the expected information for the policy to work.
Currently, I'm working with 2 apps where user can generate a payment token associated with their account. 1 uses the Secure Acceptance Hosted Checkout and the other uses Flex Microform. 1 possible case involves the user's card being captured via the Microform and then later updated via the Hosted Checkout.
The docs mention being able to replace the billing info associated with the Flex token, but it's unclear the mechanism available. I'm aware that the Hosted Checkout supports updating this info, but it's preferred to make the update without prompting the user via the Hosted Checkout so the user never needs to see the default address or require putting in their address twice. Is there an endpoint that can be uses to achieve this?
I don't know if it's the intended way of doing things for cybersource, But there is a soap service named "paySubscriptionUpdateService" in the simple order (soap) api that allowed me update the name & address on a token generated via the flex api.
You can take a look at the simple order API documentation on cybersource website - chapter 7 "Updating a subscription"
https://developer.cybersource.com/library/documentation/dev_guides/Recurring_Billing/SO_API/Recurring_Billing_SO_API.pdf
I'm sure there is a way through rest API too, I'm not sure how to do it yet. I'll circle back if I see something
I'm working on a small change to the wso2 developers portal. When we import a API to the wso2 dev portal it generates gateway URLs to that API thinking its an API created in the wso2 publisher. But what if we want to import an API from AWS and in such cases the generated URLs by the dev portal will be incorrect. To fix this issue I'm having trouble finding the code segments responsible for this. If you guys have any idea please let me know. thanks in advance
If the URLs are static value, then you can hard-code it in the code level. Environments.jsx, resides in <APIM-Home>/repository/deployment/server/jaggeryapps/devportal/source/src/app/components/Apis/Details/ the directory contains the source code that renders under Gateway Environments section (From line starting from 203).
Endpoint URLs are generated from the defined gateway environment. You can define a new gateway environment with AWS HTTP or HTTPS endpoints. So in dev portals, it will append the particular API's context and version to the endpoint and display here. If the expected gateway URLs are different from the protocol://GW_host:GW_port/context/version then you can do some additional changes from the UI. So that you can change the dev portal react code and apply the changes.
I am working on Angular Application and I want to add Azure Application Insights in my Angular SPA.
I have added all required configuration and Everything works perfectly fine.
Application Insights will logs all required details like PageView and custom events with the Help of InstrumentationKey.
But I have one doubt, that What will happen if ApplicationInsights InstrumentationKey gets stolen?
InstrumentationKey is exposed to external world and anyone can see it.
So my question is, Is there any problem if somebody gets this key?
what are replications if InstrumentationKey gets stolen and how can we avoid it?
I have gone through this article already -
https://blogs.msdn.microsoft.com/premier_developer/2017/12/14/alternative-way-to-protect-your-application-insights-instrumentation-key-in-javascript/
As described in the blog,
Alternatively, the most secure way would be to send data from the browser to your custom API on your server then forward to Application Insights resource with the correct instrumentation key (see diagram below).
You should validate if the data makes sense in your custom API before sending it to the Application Insights instance.
Here are a couple of more threads on the same issue:
Application Insights security and spoofing
https://github.com/MicrosoftDocs/azure-docs/issues/24287