WSO2 API Manager - Add Custom Endpoint Security Scheme?
Question
We are currently evaluating the WSO2 API Manager (v1.6.0) to Front our internal APIs so they can be securely exposed to thirdparty developers and partners. Our internal APIs have implemented an HMAC-SHA1 based custom authorization scheme similar to AWS, where clients construct a HMAC-SHA1 hash string using the request url, the current timestamp and a secret key assigned to that client.
I would like to configure/customize the API Manager to employ this custom scheme when routing requests to our service endpoint. This way the API Manager operates as just another client to our internal API. What is the best way to achieve this? Currently the API Manager only supports Basic Auth (When I select "Secured" in the "Endpoint Security Scheme" drop-down when setting up my API). How do I update the API Manager so it:
Supports my custom scheme - constructs the Authorization Header using our custom scheme when calling our service endpoint
Maintains the secret key used for generating the about header within it's configuration/data store
1 answers
solution1
0 2016-08-01 10:09:43
Although this is a very very old question, I'm answering so it can be useful to someone, someday.
You can do this by either writing a custom handler or custom sequence . What you have to do is,
1) Send the token in a custom header.
2) Copy that token to Authorization header by a custom handler/sequence.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.