I have Restful API with 40 endpoints like:
GET /user/:id
GET /users
POST /users
and etc....
I want to proxy API by Apigee but only certain endpoints, for example only one:
GET /users
Can't find the way how to do it.
When I add proxy it maps to all routes.
Assuming your Target API is at http://hostname/basepath/
Assuming that GET /users is equivalent to GET http://hostname/basepath/users and so on..
You'll need to create a API proxy with the Target URL: http://hostname/basepath
Then, inside the API proxy, you need to create a resource for each valid (permitted) verb + resource path.
For example, If GET /users and GET /users/:id is permitted, you need to create 2 resources in your API proxy:
GET /users
GET /users/*
This can be done from the UI at the Overview section in the API proxy.
Once you finished defining the allowed resources, you need to add a Conditional Flow with NO Condition, that only responds with an Error (you can use a Raise Fault Policy). This can be done in the Develop section in the API proxy.
This Conditional Flow, MUST be at the end, so if the request does not match any of the resources, it will match this default Conditional Flow, and it will trigger your Raise Fault policy.
Related
I am trying to disable the try it out feature of the Swagger UI for certain endpoints only. These are regardless of their http method. I know it is possible to disable either for all endpoints by adding to the Startup configuration:
c.SupportedSubmitMethods(new SubmitMethod[] {});
As part of the UseSwaggerUI options. I also aware of disabling the try it out feature for specific http method endpoints, such as only display the Get methods using:
c.SupportedSubmitMethods(new SubmitMethod[] { SubmitMethod.Get });
However, I need to disable try it out for a selection of endpoints, that are not common for one http method only. The use case is that I am currently in the transition of updating endpoint authentication from API-keys to an OAuth2.0 clients credentials flow. Newly added endpoints are thus, not secured with API-keys - as we would like our customers to be able to integrate towards the new endpoints straight away, and then configure the OAuth flow once this is added. So I have some endpoints, that are configured with API-keys (running over Azure APIM) which cannot be called directly without throwing a 403 code. So to avoid any confusing, until the OAuth authentication is added, I would like to disable the try it out for the older endpoints, while the new ones should have it.
Ideally it would be nice to have a simple decorator, or attribute that could be added to those endpoints that I do want to hide (eg. something like [SubmitMethod(false)] - however this is just a plain pseudo sample to prove my point here).
As a side note, I am developing using .NetCore 3.1.
I have rest end point /admn_resource_manager.I have created a apigee proxy to expose this.
I dont want to expose it like this to others as I want something like /adminmanager.
Is there any way to map /adminmanager to /admn_resource_manager using Apigee.
end user would use http://someurl.apigee/adminmanager instead of http://someurl.apigee/admn_resource_manager
I explored KeyValueMapoperation and AssignMessage in Apigee.
I am not sure if these are the right option to implement map path.I didn't get any example for this either.
The way you would think to do this would be to use the Assign Message policy and use the Set -> Path element. But this policy isn't currently working as designed for rewriting the proxy's target URL. See the Assign Message Guidance for more details.
To rewrite the incoming URL to a different target URL you can use the Assign Message Policy to set the entire URL (target.url) in the Target Endpoint flow, or you can use a JavaScript callout to set it. I chose to use a JavaScript callout because it gives a lot more control when rewriting the URL.
Here is an example project on Github I put together for this you can use to see how I did it. It uses the swapi.co api as the target endpoint. This proxy uses the Assign Message and JavaScript callout policies to rewrite the URL. Here's some details about it...
Proxy Endpoints
Create a proxy endpoint for each resource you are renaming.
This is where you setup the Assign Message policy to set the variables for the new path suffix.
Assign Message Policies
Set on the PreFlow of each proxy endpoint to set the targetPathSuffix and appendResourceIdToUrl (if needed) variables.
JavaScript Policy
Calls out to the URLRewrite.js file to execute the js code.
Set on the TargetEndpoints PreFlow and executes on each request
Uses the variables set in the Assign Message Policies to change the target.url variable.
I think Apigee can do it.
When I was started Apigee I have learned and try to understand from the picture below. (I think it is describe the main concept of this platform)
From your scenario,
You can specify the URL that you wants client to call maybe someurl.apigee/adminmanager or something else
Apigee is a middle also known as a Gateway. When you received the request from client, you can manage whatever you want. Of course, including pass your client to other URL like someurl.apigee/admn_resource_manager . (You just assigned new url to that request)
Because I'm not an expert as well so, you this link below can explain you more information.
Link:Using Flow Variables
It is natural to have different api end point such as /questions /users in http.
Can I define http input with different path ? (I can only find examples using http://ip:port as an input)
I wonder if it's possible to define http://ip:port/foo as an input of logstash?
I think you may be looking at the wrong thing in Logstash. HTTP Input plugin is for some application to send data to Logstash over HTTP.
If you have an application and want to send to Logstash over HTTP and want to change how Logstash processes it based on the api endpoint from the original application then I would suggest putting a new field called endpoint into your message data. You application would populate that based on the endpoint which was used. Then you can use conditionals within Logstash to change the logic Logstash applies.
I just saw this URL:
https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application...
But I've also seen URLs like this before:
http://some.website.com/api/verb?param=1¶m=2...
What's the difference between those? Just cosmetic?
Depends on the technology used (WEB api, MVC api, ...), and how the developper coded, it's certainly not the same code behind
"What's the difference between those? Just cosmetic?"
Semantically, they indicate 2 different resources, and it's NOT cosmetic.
/api?some=param indicates resource /api, while /api/?some=param indicates resource group /api/. When request to resource group /api/ is received, web server may decide to return:
Default resource of the resource group, such as /api/index.html or /api/index.jsp.
Deny the request and return error. requestb.in uses this policy. If a URL endpoint is created (e.g. https://requestb.in/1hl8k4u1), GET https://requestb.in/1hl8k4u1 would return ok, but GET https://requestb.in/1hl8k4u1/ would return 404 Not Found.
Take the resource group as single resource entity, i.e. take /api/ as /api. Express.js uses this policy. In Express.js, router.get('/api/', ...) and router.get('/api', ...) is the same thing.
I have a backend which generates three JWT tokens - reference token, access token and refresh token. Reference token stores a reference to the access token, which is used to access API and refresh token is used to reissue access token when it is timed out. The problem is I do not want to pass access token to the client, but want to use nginx to store it in memcached. So, my whole task is to filter the response from the backend, which currently looks as simple as:
{"reference_token":"...","access_token":"...","refresh_token":"..."}
Nginx should filter this response, get access token from this response and store it in memcached. Finally, it should return to the client a new response:
{"reference_token":"...","refresh_token":"..."}
As you can see, there should be no access_token any more. Access token is something which I try to secure and not to show it and even pass it to the client. What I do not know, is what is the best approach to implement this, what Lua block should I use for this task. I know about body_filter_by_lua , but documentation shortly says that:
Note that the following API functions are currently disabled within this context due to the limitations in NGINX output filter's current implementation
So, it seems like body filtering is rather limited and I'm not even sure if it is possible to call memcached API inside this block. So, how can I implement my task in real world? At least, what Lua (openresty) tricks should I use to approach this task?
You may issue a subrequest (e.g., ngx.location.capture) to your backend within you content handler for example.
Next you may filter a body as you want and use then lua-resty-memcached which use cosocket API.
The drawback of this approach is that you would have full buffered proxy.