
How to call/configure a secured API in WSO2 API Manager

I need to configure a set of APIs which are secured and use client credentials and password along with client key and secret key. And how to track the users that are trying to access the API.

I tried by adding proxy mediators.

By default, the API which you will create in WSO2 API Manager will have a security feature. You can secure the APIs with OAuth, which comes inbuilt in the application, or you can integrate the WSO2 Identity Server to be used as Identity Provider for WSO2 APIM. The link below shows how to create and publish APIs in APIM Manager: [https://docs.wso2.com/display/AM250/Create+and+Publish+an+API]

Once you are able to invoke the created API, you can check the usage of that API in the Analytics profile for it. You can have it integrated with the API Manager. The link below is useful to set up the Analytics profile for APIM 2.5.0: [https://docs.wso2.com/display/AM250/Configuring+APIM+Analytics/]

Once Analytics is set up for APIM, you can use the DB to fetch the usage of the APIs.

To solve your query, this is how you should proceed.

You can add a custom sequence in the inflow of the API (you can do that from API Publisher only, by editing it): [https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions]

The sequence code will be like below:

    <sequence xmlns="http://ws.apache.org/ns/synapse" name="custom-sequence_name">
        <!-- Transport-scope property: sent to the backend as an HTTP header
             named "accesstoken" carrying a static token value -->
        <property xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
                  xmlns:ns3="http://org.apache.synapse/xsd"
                  name="accesstoken"
                  value="put your token here"
                  scope="transport"
                  type="STRING"/>
    </sequence>

The above one is for a backend token which is static. For a dynamic token you can create a sequence accordingly.

This should solve your query :)

For dynamic, go here: [How the external authentication handled in WSO2 APIM for an external/Third Party APIs]

If your backend is OAuth secured, then you can use one of the following methods:

  1. Method-1

     OAuth mediator, which can be used for generating OAuth 2.0 tokens and for calling the backends that are secured with the OAuth 2.0 protocol. Refer this.

  2. Method-2

     Writing a mediation sequence which generates an access token for the backend and makes a connection to the OAuth 2.0 secured backend. Refer this blog.
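The token handling that Method-2 describes, shown as an added Python example (not code from the answers, and not WSO2 or Synapse configuration): it requests a client-credentials token with the client key and secret, caches it until shortly before expiry, and sets the bearer header on the backend call instead of a hard-coded static value. The class name, the token URL and the 30-second safety margin are assumptions made for illustration.

```python
import base64
import json
import time
from urllib import parse, request


class BackendTokenProvider:
    """Hypothetical helper: fetches and caches an OAuth 2.0 client-credentials token."""

    def __init__(self, token_url, client_key, client_secret,
                 send=None, clock=time.time, skew=30):
        self.token_url = token_url
        pair = f"{client_key}:{client_secret}".encode()
        self._basic = base64.b64encode(pair).decode()
        self._send = send or self._http_send  # injectable so it can run offline
        self._clock = clock
        self._skew = skew                     # refresh this many seconds early
        self._token, self._expires_at = None, 0.0

    def build_request(self):
        """Token request: client key/secret as HTTP Basic, grant type in the form body."""
        headers = {"Authorization": f"Basic {self._basic}",
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = parse.urlencode({"grant_type": "client_credentials"}).encode()
        return self.token_url, headers, body

    @staticmethod
    def _http_send(url, headers, body):
        req = request.Request(url, data=body, headers=headers, method="POST")
        with request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read())

    def token(self):
        """Return the cached token, fetching a new one when missing or near expiry."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._send(*self.build_request())
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("token endpoint did not return a bearer token")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token

    def apply(self, headers):
        """Copy the outbound headers and set the backend Authorization header."""
        out = dict(headers)
        out["Authorization"] = f"Bearer {self.token()}"
        return out
```
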
