How to configure Netflix Turbine to use basic auth when collecting data from Hystrix streams? - basic-authentication

We're exposing Hystrix streams from several services. These streams are exposed from the management port of each service, which is protected by basic authentication. Is it possible to configure Turbine to use basic auth when contacting (certain) Hystrix streams, and if so, how?

I submitted a pull request to Turbine that allows you to specify basic auth as a part of the URI. For example http://username:password@mydomain.org.

Related

send data to firebase using REST API or HTTPS request

After reading this answer https://stackoverflow.com/a/51614256/15486192 from @Arsam, I am successfully sending data from a NodeMCU ESP8266 to Firebase.
But I am using Database secrets, although it is deprecated.
And while searching for an alternative I came across Firebase REST:
Firebase Database REST API
API Usage
You can use any Firebase Realtime Database URL as a REST
endpoint. All you need to do is append .json to the end of the URL and
send a request from your favorite HTTPS client.
HTTPS is required. Firebase only responds to encrypted traffic so that your data remains safe.
After reading that, anyone would conclude that you can send data to Firebase using an HTTPS request.
So my questions:
Is a REST API just an HTTP request?
I am just confused: if it is, then why not just name it an HTTP API?
Can I send my data to the Firebase Realtime Database using only an HTTPS request from my client? If yes, then how?
REST or RESTful API design (Representational State Transfer) is designed to take advantage of existing protocols. While REST can be used over nearly any protocol, it usually takes advantage of HTTP when used for Web APIs.
Be careful when using the REST API on the client side!
The REST API for the Firebase RTDB is usually meant for development of code where you don't want to or can't use the official SDKs. For example, when you code in a language that doesn't have an official Firebase SDK. Or also in use cases where, for performance reasons, you don't want to use the SDKs. In most cases, landing pages.
BUT. The REST API is very handy for public data in your database. And I would only recommend leaving public data with read access only. Otherwise anyone could fill up your database by knowing your REST API.
So if you plan to use the RTDB on your client side, try to use the official SDK because they handle the security for you.
David East even had a talk at the last Google IO on how to improve the loading time for landing pages by removing the Firebase SDKs and using the REST API. But that was also only for public data.
If you want to use it on a server from the backend you can also use the REST API. Here is the documentation for using the REST API and here for the authentication part of it.

Calling Firebase Remote Config REST API without auth

I want to use Firebase Remote Config API via REST in a mobile app. Due to technical limitations, I can't use the Android/iOS SDK so I have to resort to the REST API.
However, that API requires authentication using a private key -- obviously I can't include that key in the application.
I don't need any other Firebase service at this time, just the remote config.
How can I work around this limitation? I tried following the guide at https://firebase.google.com/docs/remote-config/use-config-rest, but as mentioned it requires to first generate a short-lived OAuth2 token using the auth API.
According to the documentation on using the Remote Config REST API:
This document describes how you can use the Remote Config REST API to read and modify the set of JSON-formatted parameters and conditions known as the Remote Config template.
So the REST API is for modifying Remote Config variables, the type of action you could also do in the Firebase console. It is not for use in regular clients, which consume the configuration variables. For that you'll have to use one of the provided clients, as there is no REST API and the wire protocol is not documented.

Best pattern to call AWS API from Elm SPA?

I'm developing an application following quite closely Feldman Elm SPA example with the API hosted on AWS API Gateway. My problem is the following:
I need to sign my API calls with AWS API Signature v4. It is a less trivial task than I initially thought in Elm:
There is no Elm AWS signature package, so I naturally looked at JS libraries to use via Ports.
Option 1: Use AWS Amplify API that does all the job => But then how to process the result in the most Elm-esque way (ideally with RemoteData).
Option 2: Use a third-party JS library just to sign the request forged by Elm Http.request and send/process the HTTP request via Elm => So far I found only buggy implementations of AWS Sigv4, I would prefer an official implementation anyway.
In the 2 cases, I'm stuck with the Main Parent / Page Children communication: I can send the request 1) or 2) via Port from the Child. But then, how can the Child receive the response to his request? Indeed, all responses go into Elm via the same port subscription. Do I need to 'tag' the outgoing requests and then dispatch the response based on the tag? But it will look horrible and won't scale well.
Please note that it is a question about App pattern and architecture. It is not a basic question about Elm Ports (I already successfully call the API from Elm).
Any recommendations or pointers appreciated. Thanks!
Additional info about my setup (following the first comment)
I follow the AWS best practices (scenario #3 Access Resources with API Gateway and Lambda with a User Pool)
Front-end App users are managed by:
Cognito User Pool (signup, sign-in, etc...)
Cognito Identity Pool (map users with IAM role to access AWS resources, including the API Gateway)
Back-end is Serverless: API Gateway + Lambda functions
API Gateway: Lambda proxy integration + Authorization = IAM => this requires the AWS Signature
I don't use API keys because:
I don't want to provide any access to the back-end to unauthenticated users
I need to identify the user from the request headers
I don't want to rely on long-term secrets for authentication on client side

WSO2 API publisher and store issue

I need to add multiple API publishers and stores, but I don't want to use the WSO2 UI to add them one by one.
How can I use a program to add all the API publishers and stores?
Thank you.
You can use the APIs published by WSO2. Take a look at their documentation.
Before you make any API calls, you have to call the following APIs to receive the scope & access_token:
Register your application using /register (the client from which you will be making API calls needs to be verified).
Get access_token using /token API.

Support for OAuth 2.0 PKCE

Is there support for Proof Key for Code Exchange by OAuth Public Clients on Apigee cloud? I couldn't find any reference to it on the online documentation. If not supported, is it on the roadmap?
This should be fairly simple to do; all you need is to create the proper policies in your OAuth proxies... We have a solution for OpenID Connect on top of Apigee and just added this in a few hours.
PKCE just requires that you store the code_challenge in a cache you can retrieve when about to create the access token, and then it requires you to be able to re-create it from code_verifier + method... This can be done with a Node backend, or by importing the proper libraries in a JS callout (or Java callout if that is your thing).
We used Node for this.
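
The check described in the answer above, sketched in Node as an added example (not part of the original answer and not Apigee's or the answerer's code). The in-memory `Map` stands in for the proxy's cache, and the names `storeChallenge`, `deriveChallenge` and `verifyPkce` are assumptions made for illustration; the derivation and verifier format follow RFC 7636.

```javascript
const crypto = require('crypto');

// Stand-in for the proxy cache: authorization code -> stored challenge.
const challengeCache = new Map();

// Authorization request: keep the challenge alongside the issued code.
function storeChallenge(authCode, codeChallenge, method = 'plain') {
  if (method !== 'S256' && method !== 'plain') {
    throw new Error('unsupported code_challenge_method');
  }
  challengeCache.set(authCode, { codeChallenge, method });
}

// Re-create the challenge from the verifier the client presents.
function deriveChallenge(codeVerifier, method) {
  if (method === 'plain') return codeVerifier;
  // S256: BASE64URL(SHA256(ASCII(code_verifier))), without padding.
  return crypto.createHash('sha256').update(codeVerifier, 'ascii')
    .digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Token request: run this before creating the access token.
function verifyPkce(authCode, codeVerifier) {
  const entry = challengeCache.get(authCode);
  challengeCache.delete(authCode); // single use, whether it passes or fails
  if (!entry) return false;
  // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
  if (typeof codeVerifier !== 'string' ||
      !/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) {
    return false;
  }
  const expected = Buffer.from(entry.codeChallenge);
  const actual = Buffer.from(deriveChallenge(codeVerifier, entry.method));
  // Constant-time comparison; lengths must match before timingSafeEqual.
  return expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
}
```

Deleting the cache entry on every attempt means a replayed authorization code fails even when the verifier is correct.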
