Dynamic configuration of loopback REST connector - loopbackjs

I am struggling heavily trying to configure a model using REST connector. I've read the official docs: https://docs.strongloop.com/display/APIC/REST+connector and I find it extremely confusing.
My scenario requirements:
I'm connecting to several external REST services (always with the same baseURL)
different loopback Models should access different external endpoints
Basic authorization should be used, but the credentials differ from request to request
Some concrete questions:
should I have a datasource per model or only one (based on common baseURL)?
In case of only one datasource, how can I then dynamically set the concrete URL for each request?
How can I dynamically set the credentials for Basic authorization of a single request?

Related

Django REST API set allowed hosts for individual endpoints

I would like to have different values for ALLOWED_HOSTS for different Django REST API endpoints. Is this possible? Here are more details:
I have a setup consisting of a Django REST API backend, a React frontend, a Postgres db and nginx, each running in a docker container, managed by docker compose. I am exposing Django API endpoints that are accessed by the frontend from the user's browser, so I am adding the domain of the frontend to allowed hosts. However, I have one specific API endpoint that should only accept requests from the frontend docker container but never accept requests from outside. It should only be used for communication between the frontend and the backend container. So in this case I would have to restrict allowed hosts to the IP of the docker container. Both settings are possible and working, but I can only choose one of both in the global Django settings. My question is: Is it possible to set allowed hosts for an individual endpoint/url?
I suppose if there is no clean way of doing it I could run a manual check using HttpRequest.get_host() to verify the request host against the container name?
It's certainly possible.
In a pure Django context, I'd implement this as a Django middleware that intercepts the request, looks at the path and the request host, source IP and does what it needs to.
In a Django REST Framework context, I'd implement this as an additional authentication class, since it will then have access to the Django REST Framework context if required.
Finally, I'd recommend also protecting this "secret" endpoint with additional authentication – the simplest might be an additional secret header (X-Nik-Secret: very? ;-) ) that is known to the frontend container. That check can similarly be implemented in middleware or authentication.
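A concrete form of the middleware the answer describes, added here as an example (not code from the answer or from Django): ALLOWED_HOSTS keeps both the public domain and the container name, and the middleware narrows one path prefix to requests whose Host header, source address and shared-secret header all match. The path prefix, network range, host names, header name and secret are assumed values, and Django is not imported so the block runs stand-alone.

```python
import hmac
import ipaddress

# Constructed example values; in a real project read these from settings.
INTERNAL_PATH_PREFIX = "/api/internal/"                    # the endpoint to restrict
INTERNAL_NETWORK = ipaddress.ip_network("172.18.0.0/16")   # assumed docker compose network
INTERNAL_HOSTS = {"backend", "backend:8000"}               # Host values the frontend container uses
INTERNAL_SECRET = "replace-with-a-long-random-secret"      # known only to frontend and backend


def internal_request_allowed(path, host, remote_addr, secret_header):
    """Decide whether a request may proceed. Paths outside the internal
    prefix are not restricted here; ALLOWED_HOSTS still applies to them."""
    if not path.startswith(INTERNAL_PATH_PREFIX):
        return True
    # Host header must be the container name, not the public frontend domain
    if host not in INTERNAL_HOSTS:
        return False
    # Source address must be on the compose network. If the frontend's requests
    # pass through the nginx container, Django sees nginx's address instead,
    # so check whatever actually connects to Django.
    try:
        if ipaddress.ip_address(remote_addr) not in INTERNAL_NETWORK:
            return False
    except ValueError:
        return False
    # Shared secret header, compared in constant time
    if secret_header is None:
        return False
    return hmac.compare_digest(secret_header, INTERNAL_SECRET)


class InternalEndpointMiddleware:
    """Django-style middleware (register its dotted path in MIDDLEWARE).
    Django is not imported so the example runs stand-alone; pass
    forbidden_response=HttpResponseForbidden in a real project."""

    def __init__(self, get_response, forbidden_response=None):
        self.get_response = get_response
        self.forbidden_response = forbidden_response or (lambda: "403 Forbidden")

    def __call__(self, request):
        allowed = internal_request_allowed(
            request.path,
            request.get_host(),                          # raises DisallowedHost if not in ALLOWED_HOSTS
            request.META.get("REMOTE_ADDR", ""),
            request.META.get("HTTP_X_INTERNAL_SECRET"),  # header X-Internal-Secret (assumed name)
        )
        if not allowed:
            return self.forbidden_response()
        return self.get_response(request)
```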

Is there a way to restrict an API on a public webserver to a specific frontend?

My web application has a public API endpoint eg https://example-backend/home.
I have two frontends one for internal admin (https://example-admin.com) and the other for customers (https://example.com) both using the same backend endpoint.
The goal is to allow this API to only be available to the internal admin frontend.
I thought about using the HTTP ORIGIN header which would contain the frontend URL. Is that a good approach?
I think you need to check this:
Django allowed hosts

Authorization of microservices in monolith application

I have a django application that puts a task in a queue. Another service is used to read that queue and process some files. At the end I need to save the processed files in the database managed by the django application.
I do not want to give the microservice access directly to the database, since I want the responsibility only to be to process the files.
So I wanted to post the changes to django using an HTTP request. The problem is that I do not have any authorization at the time, even though I know that HTTP from this type of machine is to be accepted.
For the django application I use JWT as an authorization token. What is the best way to approach this type of problem? Maybe just send a token together to the queue? But how to make such a token? It's not certain when the process will be executed.
When you really think about it, there is no need for your internal services to authenticate themselves if they are in the same network.
In that case - you can put Django behind an API gateway (don't write your own, find an open source highly rated project). Then you can control via this gateway which endpoint is allowed by which traffic source. Then you can easily control endpoints that are specifically for internal services and which endpoints need authentication by an external entity.
If they aren't in the same network (which means they are separated by the great gulf of the cloudy net) then the usual way two machines communicate is with an API key. In that case, you can configure your services with symmetric keys, or a private/public pair, it doesn't really matter. Machines can be trusted with secret keys. Why would you need to send the token in the queue? If the service is allowed to post results to Django, it's allowed to do so for all requests, so it needs to be configured with an API key that tells your API that it is allowed to post processed files.
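One concrete form of the symmetric-key approach in the answer above, added as an example (not the asker's or the answerer's code): rather than a bare API key, the worker signs each POST of processed files with a per-service HMAC key and a timestamp, so the Django side can identify the service and reject stale or tampered requests. The service name, header names, key and 300-second window are assumed values.

```python
import hashlib
import hmac
import time

# Constructed values: one symmetric key per service, configured on both the worker
# and the Django side (e.g. environment variables), never placed in the queue.
SERVICE_KEYS = {"file-processor": b"replace-with-32-random-bytes"}
MAX_SKEW_SECONDS = 300   # how far a request timestamp may differ from server time


def _canonical(service_id, timestamp, method, path, body):
    """Bytes covered by the signature: identity, time, route and body digest."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{service_id}\n{timestamp}\n{method}\n{path}\n{body_hash}".encode()


def sign_request(service_id, key, method, path, body, now=None):
    """Worker side: headers to send with the POST of processed files."""
    timestamp = str(int(time.time() if now is None else now))
    mac = hmac.new(key, _canonical(service_id, timestamp, method, path, body),
                   hashlib.sha256).hexdigest()
    return {"X-Service-Id": service_id, "X-Timestamp": timestamp, "X-Signature": mac}


def verify_request(headers, method, path, body, now=None):
    """Django side (e.g. inside a DRF authentication class): return the service
    id when the signature is valid and fresh, otherwise None."""
    service_id = headers.get("X-Service-Id")
    key = SERVICE_KEYS.get(service_id)
    if key is None:
        return None                        # unknown or missing service identity
    timestamp = headers.get("X-Timestamp", "")
    try:
        ts = int(timestamp)
    except ValueError:
        return None
    current = int(time.time() if now is None else now)
    if abs(current - ts) > MAX_SKEW_SECONDS:
        return None                        # stale or future-dated: bounds the replay window
    expected = hmac.new(key, _canonical(service_id, timestamp, method, path, body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return None                        # body, route or headers were altered
    return service_id
```

Within the skew window a captured request could still be replayed; storing seen (service, timestamp, signature) tuples for MAX_SKEW_SECONDS closes that gap.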

How to have multiple endpoints for one API in WSO2 API Manager?

Can I add multiple endpoints to 1 API in WSO2 Api Manager?
As far as I know I have to create a context and a version. The background is that I just want to make a request like https://api.manager.com/rest/1.0/userList or https://api.manager.com/rest/1.0/tasks.
The userList REST-Controller is implemented on backend A and tasks REST-Controller is implemented in backend B. (A and B are separate web applications)
As far as I know I have to create in my API Manager two APIs with different context values.
The API Manager application would simply subscribe both APIs.
But this would mean that I have to change my requests on the javascript side. This is in my opinion not good because I don't want my javascript application to care about the context. I want the API Manager to delegate to the correct backend automatically. Is this possible? What is best practice?
You can have multiple endpoints per API using Dynamic Endpoint Feature. When creating the API you need to set the Endpoint Type as "Dynamic Endpoint" and upload a mediation in-sequence that sets the "To" header. Within the sequence you can specify your logic to route to the correct endpoint (setting the correct "To" header) according to the request path. Please read [1] for more information.
[1] http://blog.lakmali.com/2016/08/dynamic-endpoints-in-wso2-api-manager.html

WSO2 API Manager redirect according to client

Is it possible to have the API Manager redirect an incoming client API call to a back-end URL customized according to the client data?
In our back-end we're activating different instance URLs for each client, e.g.:
client1.api.domain.internal
client2.api.domain.internal
...
Clients connect to the API Manager to a unique shared address, e.g. api.domain.ext, and then clients shall be routed to the internal API accordingly (the parameter is bound to the client profile).
Is this achievable via configuration or is it necessary to develop a custom component?
You can use API manager.
Publish one API-A for the clients to subscribe to publicly via the publisher. Define another internal API-B (don't publish it) where you do the routing logic based on the clients' requests.
Point to API-B as the production URL of API-A. So requests will be routed to your internal API-B, where you can define your mediation logic.
But for defining the mediation logic, what you have to do is open the API configuration in a text editor and edit it, or use the source view of the management console. You can follow the ESB guide for the various mediators to pick the right one.
Hope this helps!