I have some APIs which should be called just in working days/Hours.
Is it possible to set a working day limitation for API users in WSO2 API-Manager?
You could write a custom mediation policy (https://apim.docs.wso2.com/en/latest/design/api-policies/overview/) or a custom handler (https://apim.docs.wso2.com/en/latest/reference/customize-product/extending-api-manager/extending-gateway/writing-custom-handlers/#writing-a-custom-handler) to restrict the API based on some pre-defined logic.
You can write a custom mediator which accepts the time as params.
This mediator should check the system time and compare it with the parameter passed with the mediator. If it is not within the time specified, it should block the request and if it, allow it.
Then use the mediation policies to pass the time parameter to the gateway runtime applying the policy to the resource that you want to limit.
Related
I want to create a microservice for "orders". The service will have typical actions like "get orders" or "create an order".
I would like to expose this service in two ways:
User frontend: If you call /orders, you will see your orders
Support frontend: if you call /orders, you will see all the orders of all the users
I would like to deploy one API (orders) that can be called from 2 API gateways (user and support). But, I don't know how to do it without duplicating code.
Is this the right approach?
I'm using AWS Apigateway + Lambda + Serverless.
In some way you're being able to differentiate the user that is making the request inside your lambda function, because you need to get only its orders. Based on that I'm considering that you're receiving some kind of token in your lambda where you can extract the correct user.
Considering that scenario, one standard solution to your problem is add something to your token that differentiate if the user is from the support group or not. Normally you add a claim to the token informing that he/she is part of the support group. Then inside your lambda you check this token and give a different answer based on your requirements. But for that solution, you'll need to have means to add new claims/manage your identity provider data (user information inside your service that provides user tokens).
But with that solution you will find a small problem: if a support user must get all the orders and in another moment only its orders you won't find an easy way to implement this. If your requirements demand that you provide both use cases for support users you will need another solution.
In that case another solution would be to provide two different endpoints (API Gateway API's) touching the same backend lambda. In the normal endpoint you forward the request to the backend and the lambda gets all the orders for the user. In the support endpoint you add something else to the request (can be a query parameter or a http header).
For a more secure solution, your support endpoint must not allow requests from people outside the support group. And if you go for a query parameter alternative, you must block this exact query param in the normal endpoint. Someone can abuse the normal api sending the query param for it and get all the orders if you just forward the query params downstream.
You will do all this different configuration in the integration request of AWS API Gateway. You can find how it works here.
I have a working AWS API Gateway GET method. I want to secure it using an API key, so I've created an API key and usage plan, etc.
So previously when I wanted to call the GET method, I would just type a URL with the appropriate parameters into the browser and send it. However, now that we've introduced the API key into the mix, I'm not sure how to call it.
I'm aware of the command line GET and curl tools. Which of these 3 tools (browser, GET, CURL) can accomplish this task and what syntax do I need to use to make the request to the GET method passing the API key?
Mark B is right, I'm just copying because it's the right answer.
You must pass an HTTP header named x-api-key with the API Key as the value. One tool is cURL, another is Postman.
How to chain multiple APIs on the same URL using Azure API management?
I have two APIs the user store and that user recources api.
I want to build rest api so resources will related to user.
Mycompany/users/dani#gmail.com/resources.
User store api is mycompany/users
Resources api is mycompany/resources.
I dont want to build additional service that will consolidate this two apis.
Thanks
Additionally you can use 'send-request' policy, that will call another API endpoint and store the result in declared variable. This is what worked for me.
In my case I had hit another URL after getting response of first APIs. Same can be done in inbound policy also before getting response and similarly you can hit multiple APIs.
Policy snippet.
You can create a single API in API Management that points to multiple different backendĀ APIs. Use the set-backend-service policy to change the backendĀ API for certain operations.
I followed steps provided in this https://www.c-sharpcorner.com/blogs/api-aggregation-using-azure-apim link and able to combine two API responses within one API call.
It tells how to aggregate or chain more than one API responses in API management
I'm attempting to port an existing API to AWS API Gateway.
I've got everything working, in that using the 'test' GUI for each of my endpoints successfully hits my configured EC2 instances.
I used the swagger import facility to automatically map all possible endpoints and their associated URL parameters.
What I've noticed is that when the request hits my API (EC2 instance) the URL has been transformed slightly. The URL parameter order has changed.
Regardless of the parameter order that I paste into the test GUI, the order of the parameters when they hit my API has been changed to the order that they are specified within the 'Method Request' GUI screen.
Does anyone know how to prevent this from happening?
There is no way to achieve this using a lambda 'custom authoriser'
I was trying to use a Lambda function as a custom authoriser which then proxies through to our HTTP API. The only data available to the custom authoriser is the 'Token' in the header (can be named anything you want - setup via API Gateway GUI). You can of course populate this with whatever values you want and one suggestion was to put the param order in this header and then perform some logic at this lambda level, however that meant modifying our API callers which wasn't desirable.
You do have access to the 'transformed' URL (e.g. 'https://df64sxl1.execute-api.us-east-2.amazonaws.com/prod/myEndpoint) but this isn't very useful.
If you are able to utilise lambda integration (instead of custom authorisation) you might be able to achieve what you by using payload-template mappings as these provide a way of accessing the raw request.
Can I add multiple endpoints to 1 API in WSO2 Api Manager?
As far as I know I have to create a context and a version. The background is that I just want to make a request like https://api.manager.com/rest/1.0/userList or https://api.manager.com/rest/1.0/tasks.
The userList REST-Controller is implemented on backend A and tasks REST-Controller is implemented in backend B. (A and B are separate web applications)
As far as I know I have to create in my API Manager two APIs with different context values.
The API Manager application would simply subscribe both APIs.
But this would mean that I have to change my requests on the javascript side. This is in my opinion not good because I dont want my javascript application to care about the context. I want that the API Manager delegates to the correct backend automatically. Is this possible? What is best practise?
You can have multiple endpoints per API using Dynamic Endpoint Feature. When creating the API you need to set the Endpoint Type as "Dynamic Endpoint" and upload a mediation in-sequence that sets the "To" header. Within the sequence you can specify your logic to route to the correct endpoint (setting the correct "To" header) according to the request path. Please read [1] for more information.
[1] http://blog.lakmali.com/2016/08/dynamic-endpoints-in-wso2-api-manager.html