Amazon sns : Create platform end point through HTTP calls - amazon-web-services

I am trying to implement push notifications for mobile application using AWS SNS.
Our application does not support any of the methods (Node.js, Python, etc.) mentioned on the AWS website to access the AWS SDK. So I need to call the Amazon SNS API with HTTP calls directly instead of other methods.
Is there any way to do it?
Thank you

Of course, the HTTP API is well documented. I use the HTTP API to send notifications. Getting the HTTP headers just right can be a bit frustrating at first, but the responses from the endpoint often give you pretty good hints. Sadly there aren't a lot of easy to follow code examples so it might take some time to get it just right.
Here's a link to the API:
http://docs.aws.amazon.com/sns/latest/api/Welcome.html
Some good info here:
http://docs.aws.amazon.com/sns/latest/api/CommonParameters.html
How to sign an HTTP API request:
http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
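The signing steps from the Signature Version 4 guide linked above, applied to an SNS CreatePlatformEndpoint POST, as an added example that is not part of the original answer. The function name is hypothetical, and the credentials, ARN and device token in the sample are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import urlencode

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_sns_create_endpoint(access_key, secret_key, region, app_arn, device_token, amz_date):
    """Return (url, headers, body) for a SigV4-signed CreatePlatformEndpoint POST.
    amz_date is the UTC request time as YYYYMMDDTHHMMSSZ."""
    host = f"sns.{region}.amazonaws.com"
    content_type = "application/x-www-form-urlencoded; charset=utf-8"
    body = urlencode({"Action": "CreatePlatformEndpoint",
                      "PlatformApplicationArn": app_arn,
                      "Token": device_token,
                      "Version": "2010-03-31"})
    # 1. Canonical request: method, path, empty query string, lowercase sorted
    #    headers, blank line, signed-header list, SHA-256 of the exact body bytes.
    signed_headers = "content-type;host;x-amz-date"
    canonical = "\n".join(["POST", "/", "",
                           f"content-type:{content_type}",
                           f"host:{host}",
                           f"x-amz-date:{amz_date}",
                           "", signed_headers,
                           hashlib.sha256(body.encode()).hexdigest()])
    # 2. String to sign binds algorithm, timestamp, credential scope, request hash.
    date = amz_date[:8]
    scope = f"{date}/{region}/sns/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical.encode()).hexdigest()])
    # 3. Derive the signing key; the secret itself never leaves this function.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "sns", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers = {"Host": host, "Content-Type": content_type, "X-Amz-Date": amz_date,
               "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}"}
    return f"https://{host}/", headers, body

if __name__ == "__main__":
    # Constructed sample values, not real credentials or resources.
    url, headers, body = sign_sns_create_endpoint(
        "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", "us-east-1",
        "arn:aws:sns:us-east-1:123456789012:app/GCM/ExampleApp",
        "constructed-device-token", "20150830T123600Z")
    print(url, headers["Authorization"], body, sep="\n")
```

The body must be sent byte for byte as signed, and the timestamp must be current, since the service rejects requests whose X-Amz-Date is too far from its own clock.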

Related

AWS API Gateway Authentication with OneLogin

I've been exploring OneLogin and I think I have a basic understanding of how to use it; I was successful at configuring the Node+Passport sample application to authenticate with OneLogin and I understand the code.
I want to try it with AWS API Gateway. I've got an API already defined in AWS. On a high level I know I need to configure an Authorizer in AWS for OneLogin and that there is going to be some bit of information that I will need to pass in a header when I make my calls to the AWS API Gateway (I assume a Bearer token that I get from authenticating with OneLogin before I interact with AWS, but I don't know).
Can someone give me a description of what I need to do? The most recent question that I see here on the topic was posted in 2016 back when the answer was "You can't do that." That answer has changed in the past 4 years. The OneLogin documentation says it can be done, but I have found no information on how to do it.
GENERAL PATTERN
The role of an authorizer function is to perform the following actions:
Validate access token
Optionally collect additional claims
Cache the claims for subsequent requests with the same token
Provide claims to business logic
In fact this is a general pattern that can be used anywhere, as referenced in my blog post.
TOKEN VALIDATION
I would use the OneLogin Introspection Endpoint.
Some NodeJS code of mine that calls an introspection endpoint is here.
AWS SPECIFICS
Since you are using OneLogin you will need to write some custom code. Your lambda authorizer will need to do standard OAuth 2.0 work, then return an AWS policy document. Some resources of mine may help you to understand how this works:
Lambda Authorizer Blog Post
Associated NodeJS Code
PAIN POINTS
The AWS plumbing is a bit painful, and it is possible you are using some different technology choices to me - I am using the Serverless Framework.
Hopefully though, this gives you something to run locally and compare against. Happy to answer any follow up questions ...
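The authorizer pattern described in the answer above (validate the token, cache the claims, return an AWS policy document), as an added sketch that is not the answerer's own code. The `introspect` callable is hypothetical: it stands for whatever posts the token to the identity provider's RFC 7662 introspection endpoint and returns the parsed JSON; the 300-second cache ceiling is likewise an assumption.

```python
import hashlib
import time

_CACHE = {}  # sha256(token) -> (expiry_epoch, claims); survives warm Lambda invocations

def build_policy(principal_id, effect, method_arn, claims=None):
    """Shape of the response API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect,
                           "Resource": method_arn}],
        },
        # Context values are passed to the business logic as strings.
        "context": {k: str(v) for k, v in (claims or {}).items()},
    }

def authorize(event, introspect, now=time.time):
    """TOKEN authorizer logic. `introspect(token) -> dict` is supplied by the
    caller (hypothetical helper). Every failure path ends in 'Unauthorized'."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise Exception("Unauthorized")      # API Gateway turns this into a 401
    key = hashlib.sha256(token.encode()).hexdigest()   # never key the cache on the raw token
    cached = _CACHE.get(key)
    if cached and cached[0] > now():
        claims = cached[1]
    else:
        try:
            claims = introspect(token)
        except Exception:
            raise Exception("Unauthorized")  # fail closed if the IdP is unreachable
        if not claims.get("active"):
            raise Exception("Unauthorized")
        # Cache for at most 300 s, and never past the token's own expiry.
        expiry = min(claims.get("exp", now() + 300), now() + 300)
        _CACHE[key] = (expiry, claims)
    return build_policy(claims.get("sub", "unknown"), "Allow", event["methodArn"],
                        {"scope": claims.get("scope", "")})
```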

Send HTTP POST request to Segment.io from GCP

I am trying to send an HTTPS POST request from GCP to Segment.io.
I want to create a service that will read data from BigQuery table and then send calls directly to Segment.io API (link) from where I'll redirect the data to other destinations, but on the GCP site I'm struggling to find the most optimal way to do it. Cloud Run seems like a good option but I'm wondering if there might be an easier way?
The recommended products to be used for this task can be either Cloud Run or Cloud Functions.
You can either use the Client Libraries or API in order to extract the data from the BigQuery table and use any HTTP request library of your favorite programming language to issue the POST request to the Segment.io API.

Choosing API Gateway tool to implement SOA/microservices architecture

I am certain I need to use an API Gateway, but I can't understand the main differences between the different tools in my use case scenario.
Currently, I have multiple services (DBs, Mobile App, Web App and some additional systems. Consider there are 15 different services) that communicate with each other through REST APIs. This is difficult to manage and test, so I would like to change the architecture into something more like what Netflix is doing with Zuul.
Ideally, the services don't know about the other services. They send a request to a specific endpoint (the API Gateway). Then, the API Gateway interacts with the necessary services and sends the response back.
Here is one example in practice: a service sends a request to a custom (endpoint) connector, the request is parsed, broken down into smaller requests that are sent to other services (that own the specific content requested), get the content back in the response, gather all the responses, create a final response with all the content gathered, send the response back to the first service that sent a request.
I need high availability, scalability, fault tolerance, the ability to monitor and test all services in one place, ability to do canary testing, easy to add new services and manage the older services. I value open source software and mature software. Should run off premise.
The best solutions that I believe would solve my problem are: WSO2, Apigee, Zuul and Amazon API Gateway. I don't know which is more appropriate for my use case. I have looked at others, but I haven't found any advantages in features or cost against these 4.
Thank you for your feedback regarding advantages and disadvantages regarding these technologies! Other suggestions are also welcome!
Notes:
Not all of my services are on AWS, but some are.
The system needs to handle peaks with tens of thousands of requests per minute that happen regularly, but never continuously.
You can also consider the Forum Sentry API Security Gateway from Forum Systems (I work for Forum Systems).
Based on your example use case, if each of the "smaller request" services are using the same protocols (e.g. HTTPS), message formats (e.g. JSON) and security characteristics (TLS, authentication, etc.) then the solution should be relatively straightforward.
If each service is using different identity or message formats, say, then your API Gateway solution will also need to have strong capabilities around identity and message conversion. For example, one small request may require a BasicAuth header to authenticate to the service, whereas another small request may require a SAML assertion.
You have a landscape of different microservices, wherein each microservice has its own business context and is accessible by a REST endpoint. In this case, your client need not be aware of each microservice, and thus an API gateway comes into the picture, using which you can have one entry point to the whole microservices landscape.
There are different API gateway solutions available, like you said: Apigee, apiman, etc. These frameworks give some basic implementation of features required in API gateways, like request throttling, monetization of request calls, authentication handling, centralized security, etc.
Netflix's Zuul provides the filters which you need to implement yourself. So, if you are using Zuul, you have to implement all the features which you want to put in your API gateway by yourself.
I hope this explanation helps!!!

Getting binary response or method not allowed. When tried setting only http endpoint I never got response its just keeping processing for long time

I am using the WSO2 1.10.0 API Manager for the first time. I need to access the HTTP backend with a simple query parameter. I published the API and tried setting it either as a queryparam or a JSON object, but it's not giving me the expected result. I get a binary response or method not allowed. When I tried setting only the HTTP endpoint I never got a response; it just keeps processing for a long time. Please suggest how I can access a simple HTTP backend. I need to show a demo in a week.
Please help to solve this.
You get 'method not allowed' when you try to access a resource which was not defined for that method (say backend has POST method supporting resource only and you try to do a GET request)
I guess the issue is with the way you have defined the resources for the api from the publisher application. (invalid HTTP methods for resources)
If you think you have defined them correctly, then the next step to identify the issue is wirelogs. wirelogs provide all the info in request passing through the api manager gateway (request headers, body etc)
Follow this article http://mytecheye.blogspot.com/2013/09/wso2-esb-all-about-wire-logs.html on how to enable and read them
You can then directly call the backend (say curl -v to the backend) and compare the request from the direct call vs the one going out from the gateway to the backend and check the difference. This would help you start finding the issue.
Since you are new to API Manager, I would recommend you do the following first:
1. Try out a simple scenario similar to yours. You can google it. This one is from the official documentation; I would recommend trying out a simple scenario first, say https://docs.wso2.com/display/AM1100/Convert+a+JSON+Message+to+SOAP+and+SOAP+to+JSON
2. Then use SOAP UI or a similar app to directly call the backend web service (not the API Manager) and get the SOAP request and SOAP response for the backend.
3. Then create the API in API Manager. You need to do the same thing as in the sample I provided. The only difference is the SOAP payload. Use the previously collected SOAP messages.
4. Enable wire logs. For that, see the comments in the previous answer. In wirelogs you will see >> and << signs.
To read the wire log, first we have to identify the message direction.
DEBUG - wire >> - This represents the message coming into API Manager from the wire (you will notice two sets of these: one coming in to the gateway from the REST client, and the response coming in to the API Manager from the backend).
DEBUG - wire << - This represents the message going to the wire from API Manager (again two sets: the request going from API Manager to the backend service, and the response sent to the REST client from the API Manager).
The SOAP message will be printed in this log. Check for the request going from API Manager to the backend and the response coming from the backend to the API Manager. You can compare that to the ones you collected in step 2 and make modifications to the sequences if needed.
The wirelogs will also print the HTTP headers, so check that as well.
hope you could set up a working sample using these steps
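The two answers above describe reading wire logs by direction and comparing the gateway's outgoing request with a direct call to the backend; this added example (not from either answer) does both for a single exchange. The log line shape in the regex and the sample log are assumptions constructed for illustration, and the function names are hypothetical.

```python
import re

# Assumed line shape: <timestamp> DEBUG - wire >> "text[\r][\n]"
WIRE = re.compile(r'wire (>>|<<) "(.*?)(?:\[\\r\]\[\\n\])?"$')
LEGS = {(">>", "req"): "client->gateway", ("<<", "req"): "gateway->backend",
        (">>", "resp"): "backend->gateway", ("<<", "resp"): "gateway->client"}

def split_messages(log_text):
    """Return {leg: {"start": first line, "headers": {name: value}}}."""
    messages, current = {}, {}      # current: direction -> message being read
    for line in log_text.splitlines():
        m = WIRE.search(line.strip())
        if not m:
            continue
        direction, text = m.groups()
        kind = ("req" if re.match(r"[A-Z]+ \S+ HTTP/1\.[01]$", text)
                else "resp" if re.match(r"HTTP/1\.[01] \d{3}", text) else None)
        if kind:                    # request line or status line starts a message
            current[direction] = messages.setdefault(
                LEGS[direction, kind], {"start": text, "headers": {}})
        elif text == "":            # blank line: headers are over, body follows
            current.pop(direction, None)
        elif direction in current and ": " in text:
            name, value = text.split(": ", 1)
            current[direction]["headers"][name.lower()] = value
    return messages

def diff_against_direct(messages, direct_start, direct_headers):
    """List (field, direct value, gateway value) where the gateway's request differs."""
    sent = messages["gateway->backend"]
    diffs = ([("request-line", direct_start, sent["start"])]
             if sent["start"] != direct_start else [])
    for name in sorted(set(sent["headers"]) | set(direct_headers)):
        if direct_headers.get(name) != sent["headers"].get(name):
            diffs.append((name, direct_headers.get(name), sent["headers"].get(name)))
    return diffs

# Constructed sample log (not from a real deployment).
SAMPLE = r'''
[2016-03-01 10:00:00,001] DEBUG - wire >> "GET /demo/1.0/items?id=5 HTTP/1.1[\r][\n]"
[2016-03-01 10:00:00,002] DEBUG - wire >> "Host: gw.example:8243[\r][\n]"
[2016-03-01 10:00:00,003] DEBUG - wire >> "[\r][\n]"
[2016-03-01 10:00:00,010] DEBUG - wire << "GET /items HTTP/1.1[\r][\n]"
[2016-03-01 10:00:00,011] DEBUG - wire << "Host: backend.example:8080[\r][\n]"
[2016-03-01 10:00:00,012] DEBUG - wire << "[\r][\n]"
[2016-03-01 10:00:00,020] DEBUG - wire >> "HTTP/1.1 405 Method Not Allowed[\r][\n]"
[2016-03-01 10:00:00,021] DEBUG - wire << "HTTP/1.1 405 Method Not Allowed[\r][\n]"
'''
```

Wire logs record full headers and bodies, including Authorization headers and tokens, so enable them only while debugging and treat the resulting files as sensitive.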

FireBase connect to server (Not NodeJS)

So I've seen this answer Using NodeJs with Firebase - Security that talks about syncing NodeJS with the Firebase data structure.
I don't use NodeJS (being a Railo/Coldfusion developer) and was wondering if something like this is possible outside of NodeJS? Through java or maybe just using REST endpoints. Or do I have to use the original solution in the above link of separately updating the data in my webserver.
Another way of wording it is; can I make a round trip from firebase to an HTTP server that isn't nodeJS?
EDIT: To clarify, exactly what I wanted to do was have an email webservice post to the REST API of Firebase, then Firebase post that to a URL on my external Railo server, as my users need to know when the email arrives but the server just needs to make sure it stores it.
As I understand it my best bet is to get the email webservice to post to the URL on my railo server which then posts to the REST API on firebase.
Yes you can.
Firebase does not have a Coldfusion client library, so you need to use the REST APIs. You can use the REST API to read / write Firebase data from your server code.
The one thing you'll be missing is the notifications when data changes. With the node.js client, you can subscribe for updates to data but there's no way to do that from a REST API.
So if you need to know when Firebase data changes, and you're using REST, you'll have to poll the data periodically.
(Note: This is mostly copied from @Michael's answer in the comments)