Obtaining analytics data by using REST API calls on IBM API Connect Developer portal - websphere

I am looking for a way to fetch API Connect analytics data, i.e. the number of requests to APIs exposed via API Connect, by which client, etc. I know there is an individual dashboard/chart within API Connect, but I want to build an explicit tool to monitor the same, leveraging API Connect data on the IBM API Connect Developer portal. If anyone has the answer, please reply to me.
With reference to https://www.ibm.com/docs/en/api-connect/5.0.x?topic=veaaed-obtaining-analytics-data-by-using-rest-api-calls, I have tried, but my question is: how do we get the data without any authentication, and if authentication is required, how can we call the API and fetch the data?

According to the doc, HTTP basic auth is required. Your post doesn't specify how you want to retrieve the data, but as an example from the command line using curl:
curl -k -X GET -u 'username#company.com:somePassword' 'https://api-manager-server.company.com/v1/orgs/macs-shack/environments/sb/events?after=2016-08-01T00:00:00.000&before=2016-09-30T23:59:59.999'
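The same request built in Python, as an added example that is not part of the original answer: it constructs the Basic header explicitly and keeps TLS certificate verification on, where the curl example's -k turns it off. The function names, the `cafile` parameter and the sample credentials are assumptions; the host and URL layout are the ones shown in the answer.

```python
import base64
import ssl
import urllib.parse
import urllib.request
from datetime import datetime


def build_events_request(base_url, org, env, after, before, username, password):
    """Build the GET request for /v1/orgs/{org}/environments/{env}/events."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        # Basic credentials are only base64-encoded, so never send them in clear.
        raise ValueError("Basic auth must only be sent over https")
    if ":" in username:
        # RFC 7617: the user-id cannot contain a colon, it delimits the password.
        raise ValueError("username must not contain ':'")
    path = "/v1/orgs/{}/environments/{}/events".format(
        urllib.parse.quote(org, safe=""), urllib.parse.quote(env, safe=""))
    query = urllib.parse.urlencode({
        "after": after.isoformat(timespec="milliseconds"),
        "before": before.isoformat(timespec="milliseconds"),
    }, safe=":")
    creds = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(f"{base_url.rstrip('/')}{path}?{query}", method="GET")
    req.add_header("Authorization", f"Basic {creds}")
    return req


def fetch_events(req, cafile=None, timeout=30):
    """Send the request with certificate and hostname verification enabled.

    cafile (assumed parameter) points at the PEM bundle of a private CA, which
    is the alternative to disabling verification with curl -k.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    # Constructed sample values; read real credentials from a secret store.
    demo = build_events_request(
        "https://api-manager-server.company.com", "macs-shack", "sb",
        datetime(2016, 8, 1), datetime(2016, 9, 30, 23, 59, 59, 999000),
        "user", "pw")
    print(demo.full_url)
```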

Related

How to authenticate a web API which runs every hour from a scheduled console application?

I have a requirement where I have to schedule a console application, which fetches certain records from database and calls an ASP.NET web API. Could someone help me with how to restrict the web API to not get called from anywhere else?
Please help me with any useful links, tips, or steps to follow.
There are a few ways you can lock down access to your application for an RPC call.
You can restrict access via IP with IP filtering.
If you're using Windows authentication, you can grant permission to specific AD users or groups in your web config file.
If you're using forms authentication and basically just need to make an RPC call, you can create an endpoint for your console app which accepts a username/password parameter (using HTTPS, of course).
If your setup is more advanced, you can use tokens and ASP.NET Identity to limit access.
These are just a few ideas. Basically just Google ASP.NET security and you'll get a ton of ideas.

How to secure composer-rest-server after generating REST API?

I have configured composer-rest-server. I also provided the fabric username/password while configuring composer-rest-server (WebAppAdmin or admin). Now I am able to access the REST API without providing any credentials (through Postman or LoopBack).
I would like to understand how we can secure composer-rest-server. I have understood that we can add a participant and issue an identity, but I am not able to connect the logical dots in the context of how everything will work.
How do we secure composer-rest-server while accessing the REST API?
When and how are we going to use the "username/secret" registered against a participant?
When do we authenticate against the composer-rest-server API, and when do we use a participant identity to access the business network?
Please see the documentation on this subject:
https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html

AzureRM Application Gateway Rest API

I am trying to create an Azure Application Gateway with an SSL certificate. I have successfully created it using Azure PowerShell.
Now I want to create it using REST APIs so that I can use/call them in my code (Ruby). My question is: does any REST API exist to create an AzureRM Application Gateway? Because I am not able to find any. I've gone through the following link:
https://msdn.microsoft.com/en-us/library/azure/mt420159.aspx
It has the APIs for Application Gateway, but for classic mode, not for RM mode.
Now I want to create it using REST APIs so that I can use/call them in my code (Ruby). My question is: does any REST API exist to create an AzureRM Application Gateway? Because I am not able to find any.
There's a REST API, but at this moment it is not documented and hence you are not able to find it. As a workaround, what you could do is run the PowerShell cmdlets with the -Debug switch. Then you will see the request URL as well as the request body sent to create an Application Gateway. You can use that in your Ruby code.

What is the best practice to architecture an oAuth server and an API server separately?

I am setting up an API for a mobile app (and down the line a website). I want to use OAuth 2.0 for authentication of the mobile client. To optimize my server setup, I wanted to set up an OAuth server (Lumen) separate from the API server (Laravel). Also, my DB lives on its own separate server.
My question is: if using separate servers and a package like lucadegasperi/oauth2-server-laravel, do I need to have the package running on both servers?
I am assuming this would be the case because the OAuth server will handle all of the authentication to get the access token and the refresh-access-token functions. But then the API server will need to check the access token on protected endpoints.
Am I correct with the above assumptions? I have read so many different people recommending the OAuth server be separate from the API server, but I can't find any tutorials about how the multi-server dynamic works.
BONUS: I am migrating my DB from my API server, so I would assume I would need the OAuth package's migrations to be run from the API server also. Correct?

Only allow access to my REST APIs from my own application?

We have a Windows app hosting a WebBrowser control that hits our REST APIs. We would like to restrict access to the APIs to only requests coming from within the Windows app itself (for example, the APIs cannot be accessed in a browser, etc.).
How can we accomplish that? What is the most secure way without having to expose any kind of credential (for example, if we use HTTP Basic auth, the username and password can be seen by reverse engineering the app itself)?
Thanks a bunch!
EDIT: We plan to distribute the application freely so we have no control over where the connection will be made from.
Restrict the REST interface to only accept connections from 127.0.0.1 (home) and then connect from your rest-consuming application only with http://localhost or http://127.0.0.1 in the URLs (if you use the external IP or DNS name of your machine it'll be treated as a remote connection and denied access).
You can do this with web server settings, or within the code of your REST APIs.
I had a similar situation during a project where we distributed an iPhone app that also connected to a REST API that my team developed.
For security we used somewhat of a three-legged scenario. The app was required to authenticate using the user's credentials against a standalone service responsible only for authenticating and generating access tokens. Once the app received a valid access token, subsequent requests to the API required sending this token in the Authorization header.
You could do something similar. If you come up with a credential scheme to authenticate your app as valid API consumers you could use basic auth over HTTPS to obtain tokens, and then only by using those tokens could a consumer gain access to the rest of the API.
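The token flow from the last answer, which is also the access-token check the API server has to perform in the question about separate OAuth and API servers, sketched as an added example (not code from any poster). It swaps a full OAuth implementation for a plain HMAC-signed token with an expiry; the function names and the shared `SIGNING_KEY` are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): provisioned out of band to the auth
# service and the API server, and never shipped inside the client app.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, ttl_seconds=900, now=None):
    """Auth service: call only after the user's credentials have been checked."""
    issued = int(time.time() if now is None else now)
    body = _b64(json.dumps({"sub": subject, "exp": issued + ttl_seconds}).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def subject_from_header(authorization, now=None):
    """API server: return the token's subject, or None to reject the request."""
    if not authorization or not authorization.startswith("Bearer "):
        return None
    body, sep, sig = authorization[len("Bearer "):].partition(".")
    if not sep:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    current = time.time() if now is None else now
    try:
        # Verify the signature in constant time before trusting any claim.
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(body))
        if claims["exp"] <= current:
            return None  # expired: the client has to authenticate again
        return claims["sub"]
    except (ValueError, TypeError, KeyError):
        return None
```

The API server needs only the verification key and this check, not the credential store, which stays with the authentication service.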
