Please suggest possible techniques to validate (NULL, NOT NULL, TAG presence, length, etc.) incoming request JSON schema elements in API Manager before the backend service is invoked.
Is it recommended to perform schema level validation in WSO2 API Manager?
As per my knowledge, schema validations (XML/JSON) should be done at the client side before the API deployed on API Manager is invoked.
Any comments would be appreciated.
Regards,
Abhishek
In order to validate the request JSON you can use OpenAPI validation specifications. APIM lets you edit the OpenAPI spec from the UI itself.
As per my knowledge you can do the validation in both places, but if you do the validation in the client itself you can prevent the API invocation to API Manager.
Related
Here's the scenario,
WS_A and WS_B are Web Services published in different endpoints.
WS_A receives personId, makes some processing, logs some data, and returns the name and the lastname of the Person with personId.
WS_B receives two Strings name and lastname and saves name+lastname in a database, then returns Ok/Error.
I need to publish an API API_Composition, using WSO2 API Manager, that will call WS_A, and send the result to WS_B, then return the result of WS_B.
Keep in mind that I can't make a new WS_C that has the behaviour of WS_A+WS_B, because I can't access the whole code of either of them.
Is there a way of doing this using only WSO2 API Manager?
Are there any other API Management products that can accomplish this requirement?
Regards
Yes, you can do this with a mediator sequence. I have not found a specific tutorial for your scenario, but here's a blog post that has a demo on using mediator sequences and links to detailed documentation.
(Note: the demo and blog post are for WSO2 API Cloud - the hosted version of WSO2 API Manager. But it all works the same for API Manager - it is the same technology.)
I have an internal web service exposed over SOAP/HTTP. What I am trying to achieve using API Manager is to expose my internal SOAP-based web service over different protocols like XML, JSON, etc.
Does WSO2 API Manager have that capability?
Thanks and Regards
Privin Thomas
If you wish to transform the incoming message into a different format for the backend, this can be done using the underlying ESB capabilities of the API Manager. There are actually several ways. IMHO, the easiest way to do this is with Mediation Extensions. For information on adding a Mediation Extension to an API, please see the documentation here:
https://docs.wso2.com/display/AM170/Adding+Mediation+Extensions
WSO2 APIM by default supports OAuth2 for securing APIs. If I want to secure my APIs with other standard mechanisms such as Basic or a custom authorization mechanism (e.g. based on XML body element values of the request), what is the approach I should follow?
The documentation describes writing a custom handler (link). I guess this handler is invoked at transport level, which will apply to all the API requests over that transport?
Does APIM support adding other security mechanisms (e.g. Basic) for each API when an API is added by the publisher? If so, does that happen inside the ESB proxy service sequence or before it hits the proxy service?
The API Manager UI supports only OAuth-based security; you can modify the synapse configuration of the API to support Basic auth, validating based on the HTTP header. Custom authentication can be supported through a handler. A reference to the handler has to be included in each API that you want to secure using the custom logic. This can be done by modifying the synapse config of the API.
You need to write a custom authentication handler and set it as a handler configuration for that specific API.
I have an application that uses Basic Authentication to authenticate and authorize service calls. I am setting up our WSO2 API Manager on a separate server but am unsure how to pass the base64 encryption from the API Manager through to my application to authorize certain service calls.
This information is not readily available in the documentation so I am not sure it is even supported.
Has anyone used this or knows how to achieve this?
If you want to provide your own authentication mechanism you can do this very easily by implementing org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator and setting it in the authentication handlers chain.
You can refer to org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator for reference.
You can provide the credentials when you create an API at publisher. You can check the WSO2 documentation about adding an API. At publisher for "Endpoint Type" you have to select Secured and then need to provide username/password.
Authentication occurs in API Manager via the APIAuthenticationHandler, which is among the handlers defined in your API sequence definition (/repository/deployment/server/synapse-configs/default/api). To disable authentication for that particular API (since API Manager handles basic authentication itself), just remove or comment out the handler. Users should then provide the basic authentication required by the back-end service rather than the API Manager token, since they will no longer need it.
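A check for the change described in the answer above, as an added example that is not part of the original answers or WSO2's own code: it parses synapse API definitions and lists those with no active APIAuthenticationHandler, so APIs left without gateway authentication show up in review. The sample XML is constructed, and the handler's full package name, the api/handlers/handler element layout and com.example.LoggingHandler are assumptions.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

AUTH_HANDLER = "APIAuthenticationHandler"  # class name given in the answer above

# Constructed sample definitions; names, contexts and com.example.* are hypothetical.
SAMPLE_APIS = {
    "Orders_v1.xml": """<api xmlns="http://ws.apache.org/ns/synapse" name="Orders" context="/orders">
  <handlers>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>
    <handler class="com.example.LoggingHandler"/>
  </handlers>
</api>""",
    "Legacy_v1.xml": """<api xmlns="http://ws.apache.org/ns/synapse" name="Legacy" context="/legacy">
  <handlers>
    <!-- <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/> -->
    <handler class="com.example.LoggingHandler"/>
  </handlers>
</api>""",
}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def has_auth_handler(api_xml):
    """True if a live (not commented-out) handler element names the auth handler."""
    root = ET.fromstring(api_xml)  # the default parser drops XML comments
    return any(
        local_name(el.tag) == "handler"
        and el.get("class", "").rsplit(".", 1)[-1] == AUTH_HANDLER
        for el in root.iter()
    )

def unauthenticated_apis(definitions):
    """Return (file, api name, context) for every API lacking the auth handler."""
    findings = []
    for filename, xml_text in sorted(definitions.items()):
        if not has_auth_handler(xml_text):
            root = ET.fromstring(xml_text)
            findings.append((filename, root.get("name"), root.get("context")))
    return findings

def load_definitions(api_dir):
    """Read every *.xml file from the synapse-configs API directory."""
    return {p.name: p.read_text(encoding="utf-8") for p in Path(api_dir).glob("*.xml")}

if __name__ == "__main__":
    for finding in unauthenticated_apis(SAMPLE_APIS):
        print("no APIAuthenticationHandler:", finding)
```

Against a real gateway, pass `load_definitions()` the API directory named in the answer and compare the findings with the list of APIs that are meant to rely on back-end authentication only.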
How to send a POST request in WSO2 API Manager? What would be the content type, parameters, etc.?
I am publishing REST APIs in WSO2 API Manager. I would like to intercept each API with my own input field validations, like input parameter format and value, etc. If validation succeeds then API Manager should allow the request to invoke the back-end, else reject the request with an error message.
You can create a custom handler or custom sequence and deploy it for that API. You can implement the validation logic inside that.
See the following product documentation:
https://docs.wso2.com/display/AM1100/Writing+Custom+Handlers
https://docs.wso2.com/display/AM1100/Adding+Mediation+Extensions
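The checks asked about in the two validation questions on this page (NULL, NOT NULL, tag presence, length, rejecting before the back-end is invoked), written out as an added example that is not code from the posts or from WSO2: a small validator for an OpenAPI-style request schema, of the kind a custom handler or sequence would apply at the gateway. The schema, field names and the `gateway_decision` helper are constructed for illustration, and only a subset of schema keywords is implemented.

```python
import json

# Constructed OpenAPI-style schema for a hypothetical "person" request body.
SCHEMA = {
    "required": ["personId", "name"],
    "additionalProperties": False,
    "properties": {
        "personId": {"type": "integer"},
        "name": {"type": "string", "minLength": 1, "maxLength": 50},
        "nickname": {"type": "string", "maxLength": 20, "nullable": True},
    },
}
TYPES = {"string": str, "integer": int, "boolean": bool}

def validate(raw, schema=SCHEMA):
    """Return a list of violations; an empty list means the body is acceptable."""
    try:
        body = json.loads(raw)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    errors = [f"{k}: required field missing"
              for k in schema.get("required", []) if k not in body]
    for key, value in body.items():
        rule = schema["properties"].get(key)
        if rule is None:  # tag not declared in the schema
            if schema.get("additionalProperties") is False:
                errors.append(f"{key}: unexpected field")
            continue
        if value is None:  # NULL vs NOT NULL
            if not rule.get("nullable", False):
                errors.append(f"{key}: null not allowed")
            continue
        # bool is a subclass of int in Python, so reject it explicitly
        wrong_bool = isinstance(value, bool) and rule["type"] != "boolean"
        if wrong_bool or not isinstance(value, TYPES[rule["type"]]):
            errors.append(f"{key}: expected {rule['type']}")
            continue
        if isinstance(value, str):
            if len(value) < rule.get("minLength", 0):
                errors.append(f"{key}: shorter than minLength")
            if "maxLength" in rule and len(value) > rule["maxLength"]:
                errors.append(f"{key}: longer than maxLength")
    return errors

def gateway_decision(raw):
    """Forward valid requests; reject the rest with HTTP 400 and the reasons."""
    errors = validate(raw)
    return {"forward": not errors, "status": None if not errors else 400, "errors": errors}

if __name__ == "__main__":
    print(gateway_decision('{"personId": null, "name": "", "role": "admin"}'))
```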