I use WSO2 API Manager 2.1 and I would like to make a throttle per caller IP, that is to say for each IP address, and not for a specific IP address.
Example :
API context : /weather
No authentication (no oauth token)
No application
Client 1 :
IP address : 218.12.1.19
Client 2 :
IP address : 218.12.1.20
Throttle expected : 10 req / min / IP
If "Client 1" makes more than 10 calls to the API in the minute, their calls will be throttled but "Client 2" can make their 10 calls without being throttled.
This is doable in WSO2 API Manager 2.1.0. Please refer to https://docs.wso2.com/display/AM210/Adding+New+Throttling+Policies
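The behaviour asked for above (10 req / min counted separately for each caller IP), modelled as an added Python example; it is not WSO2 configuration and not code from the original posts. It also shows the check a per-IP throttle needs once a reverse proxy sits in front of the gateway: `X-Forwarded-For` is honoured only when the direct peer is a trusted proxy. The proxy range `10.1.1.0/24` and all function names are assumptions.

```python
import ipaddress

LIMIT, WINDOW = 10, 60  # 10 req / min / IP, as in the question
# Assumption: the only network whose proxies may set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.1.1.0/24")]

def parse(addr):
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None

def is_trusted(addr):
    ip = parse(addr)
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff=None):
    """Throttle key: walk X-Forwarded-For right to left, but only while the
    hop that reported it is a trusted proxy. A header sent by an untrusted
    peer is ignored, so it cannot be used to pick someone else's counter."""
    candidate = peer
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    while hops and is_trusted(candidate):
        hop = hops.pop()
        if parse(hop) is None:  # malformed entry: stop at the last good hop
            break
        candidate = hop
    return candidate

class PerIpThrottle:
    """Fixed window per key; the window starts at the key's first request."""
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.state = {}  # ip -> (window_start, count)

    def allow(self, ip, now):
        start, count = self.state.get(ip, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        allowed = count < self.limit
        self.state[ip] = (start, count + (1 if allowed else 0))
        return allowed

def simulate():
    """Constructed traffic: both clients arrive through proxy 10.1.1.5."""
    t, proxy = PerIpThrottle(), "10.1.1.5"
    c1 = [t.allow(client_ip(proxy, "218.12.1.19"), s) for s in range(12)]
    c2 = [t.allow(client_ip(proxy, "218.12.1.20"), s) for s in range(10)]
    return {"client1": c1, "client2": c2}
```
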
Related
We have architecture pattern (Layered DMZ) where:
1. External facing applications are deployed in 3 layered DMZ (DMZ1 for Web Server, DMZ2 for App Server and DMZ3 for Database server)
2. We do not allow DMZ1 directly talking to LAN, however DMZ2, DMZ3 can talk to LAN
WSO2 API Manager will be installed in LAN, the issue is how do we expose services from LAN API store to external world. Which design pattern is best suited for this? I have a couple of options
Option 1:
Deploy another instance of API Manager in DMZ1 which 3rd party can access
Deploy set of services in DMZ1 API Manager only for 3rd party access
Have reverse proxy in DMZ2 which talks to LAN server
Option 2:
Single instance of API Manager deployed in LAN
Reverse proxy in DMZ1
Forward proxy in DMZ2 (which currently we do not have)
Forward proxy talks to LAN
I remember IBM has a virtual/physical DataPower appliance which acts as an external API gateway, how do we achieve a similar design pattern with WSO2?
Many thanks in advance
WSO2 API Manager will be installed in LAN, the issue is how do we expose services from LAN API store to external world
WSO2 API Manager has a component, API Gateway. Actually, today there are two ways to do that:
Use API Gateway
API Gateway is an instance of API Manager with parameters specifying that the instance is a gateway, so other modules (key manager, store, publisher) are disabled or not used
We use API Gateway in DMZ. This instance will authenticate and authorize the calling clients. However, the gateway still needs to call KeyManager web services for token validation and the publisher needs to call gateway for API deployment
(KeyManager and publisher are the services in the APIM in LAN)
Using API Micro Gateway
Needs to be deployed as individual modules and are able to validate client's tokens (jwt tokens) even without any connection to the LAN instance
Note: When not using static api keys, but OAuth authentication, then you need to expose a route to the token and revoke service
Resources:
https://docs.wso2.com/m/mobile.action#page/97564467
https://apim.docs.wso2.com/en/latest/Learn/APIGateway/overview-of-the-api-gateway/
https://wso2.com/api-management/api-microgateway/
There are several common deployment patterns recommended by WSO2 for API Manager which can be found below.
https://docs.wso2.com/display/AM260/Deployment+Patterns#DeploymentPatterns-WSO2APIManagerdeploymentpatterns
You can go for pattern #4 or #5. Pattern #5 will keep your total cost down in terms of license fee and infrastructure fee.
Hi, I have a distributed setup for WSO2 2.1 APIM in AWS. I have published the sample Pizza Shack API but it's not getting updated at the gateway manager node. Can someone help me understand why the API artifact is not getting updated on the gateway manager node?
Machine 1 : Has WSO2 publisher(portoffset 0) and store(portoffset 1) running.
Machine 2 : Has gateway manager(portoffset 0), gateway worker(portoffset 1), traffic manager(portoffset 2) and key manager(portoffset 3) running.
Also, when I open and edit the sample Pizza Shack API and go to the Manage tab, I see missing Endpoint and Endpoint Type fields as shown below:
Ideally it should look like below:
[root@ip-10-0-1-76 ec2-user]# tcpdump -i eth0 -s 1500 port 9443
I just tried to see if there is any traffic coming from the publisher machine to the gateway manager and saw the below output. Looks like the gateway manager is receiving some traffic on port 9443 but I don't know what's happening after that.
I am using AWS API Gateway to call my APIs from mobile devices. I use HTTP integration and connect it to my EC2 server.
I want to get the client IP in EC2.
I already found a solution to get the client IP using a Lambda function.
But I need to get the client IP in my EC2 backend.
Please suggest any possible solution
I created an Android application that requires use of a web service.
I want to be able to access the app everywhere, therefore I need my web services to be public with an external IP so I can access.
What is the best way to do it?
I have an Amazon Web Services account. I don't know if creating an instance and running the web services there will be the best solution.
My big problem with the Amazon instance is that it takes a while to show the result of the web service in the app.
Any ideas on how to make my web service public?
It appears that your requirement is:
Expose a public API endpoint for use by your Android application
Run some code when the API is called
There are two ways you could expose an API:
Use Amazon API Gateway, which can publish, maintain, monitor, and secure APIs. It takes care of security and throttling. A DNS name is provided, which should be used for API calls. When a request is received, API Gateway can pass the request to a web server or can trigger an AWS Lambda function to execute code without requiring a server.
Or, run an Amazon EC2 instance with your application. Assign an Elastic IP Address to the instance, which is a static IP address. Create an A record in Amazon Route 53 (or your own DNS server) that points a DNS name to that IP address.
I've got:
- a WSO2 API Manager 1.3 on a host in a private LAN.
- an nginx host with two NICs, one on the same private LAN as the API Manager and another with a public IP.
I need to set up the environment so that it will be possible to access the API store and publisher (and even the management) through the nginx host using a proxy pass.
How do I have to configure the files in the API Manager (and possibly the rules for nginx as well)?
Consider also that the API will have to be published with the public address, and the authorization token also needs to be created so that it will be accepted for users calling the public address.
Let's suppose that the public address is www.public.eu (194.1.1.150) and the private LAN is apimanager.private.local (10.1.1.141). I will keep the same port for the sake of ease, but it would be nice to have indications on how to change ports.
I've tried to modify api-manager.xml, carbon.xml and axis2.xml with no success.
Thanks
Luca