An OpenAPI catalog for WSO2 APIM and Micro-gateway 320


This is the sequel to my previous blog on WSO2 vendor extensions. In the previous blog, we analyzed the default OpenAPI structure, what extensions are, why they are needed, and took a glance at how WSO2 utilizes vendor extensions in OpenAPI definitions. In this blog, we’ll look in depth at how WSO2 has used vendor extensions to align with the APIM and Microgateway (MGW) features. Let’s begin by analyzing the default OpenAPI fields and the WSO2 vendor extensions.

Supported default fields and WSO2 vendor extensions in OpenAPI Definition



If you don’t fit into the box, then fix the box to fit yourself in!

In WSO2 API Manager (APIM) and in Microgateway (MGW) the core element that gives business to these products is the API. The APIs are treated as contracts and as a single source of truth (SSOT) in the real business world. The APIs contain all the technical specifications on how data exchange has to be done in day-to-day business. The OpenAPI specification is used to design and generate the REST APIs that contain the API’s metadata, the communication endpoints, how the request and response should be handled, etc.

In order to contain all the details about an API, the OpenAPI specification is designed to have multiple fields or keys. OpenAPI definitions have both mandatory and optional fields. This is a global standard that can be optimized by any individual or organization to design and define their APIs. Since this is a widely accepted global standard, a problem arises in adapting these fields so that they address all the use-cases, which can differ from organization to organization. …


WSO2 APIM-3.2.0 Vs Microgateway 3.2.0


This or That? Left or Right? Yes or No? Black or White?

Always a huge dilemma, right? The same conundrum exists when it comes to choosing the best option for API security. Today’s digital era has wrapped almost all its solutions in the form of APIs. So protecting your APIs has a huge impact on the business and is thus inevitable. An API can be protected in different ways depending on various factors. Some of the commonly used API security methods are as follows.

  1. Authentication with tokens, API keys, etc.
  2. Usage of encryption and signatures
  3. Quotas and throttling

Apart from the above-mentioned methods, there are plenty of methods available to protect your APIs. In this blog let’s see how we can protect APIs by securing the request and response payloads from malicious attacks. …



Many of the applications or e-platforms we use today allow us to create user accounts by ourselves, without the involvement of an administrator or any other authorized person. What if someone else creates an account on your behalf in one of these applications without your consent? That would let an unauthorized person impersonate you on that platform, which creates security hazards for you.

There are various mechanisms to protect this self-registration process. One such method is to send a registration confirmation email to the user and when the user confirms the account, it becomes a verified account. …



WSO2 Governance Registry (GReg) is a highly customizable product via different extension points. This is a well-known feature in GReg. But suppose you need to replicate a customized pack locally for testing, or to implement some features on top of the existing pack. How can you set it up on your machine? What are the elements you need to consider during this setup process? Well, that’s the story of today’s blog! This blog will provide a set of general guidelines for setting up a customized GReg pack locally on your machine.

Let’s Start!



In today’s tech world, an organization’s assets are no longer restricted to tangible property, knowledge, or manpower. Anything that brings turnover to a business, or plays a key role in day-to-day routine activities or strategy-level planning, is considered an asset of the organization. Intangible assets such as APIs, swaggers, contact details, and files are some examples of an organization’s assets these days.

WSO2: The solution provider



What am I doing?

COVID-19, an unavoidable headline these days. The world has seen drastic tragedies in its history over time, but none of them sustained and suffocated the people as COVID-19 did. Everyone is talking, writing, vlogging, and worrying about COVID-19.

So what am I going to do in this blog? Document the COVID victim report? Symptoms of Corona? Share prevention and precaution measures? Tips on productive activities in this quarantine situation? A BIG NOOOOO to all of them. If you are searching for any of those in this blog, then sorry.com guys ☹

This blog is to recap and reform our lives!



On a pleasant Monday morning, you are going to the passport office to apply and get your passport. Let’s assume that you have applied to get the passport on the same day. You provide all your details in the application form to the officer. Upon successful validation, they will create and give you the passport.

So what does the new passport really contain? The authority extracts some important details that you have stated in your application form and will prepare the passport along with the passport number.

In brief, you provide your details and get a pass with the details you have given. This is what today’s blog is about, sharing details via tokens to generate different tokens with the required details. …



In our day-to-day life, we may have come across the term called “tokens”. In general, tokens are used as an exchange mechanism in order to get some items or get some work done. For example, if you visit a doctor a token number will be given to you at the reception. By providing that token you will be able to meet the doctor when your turn comes. Another example would be, assume that you are at your school sports day. …



After a hectic day of work, the PRs finally got merged and the changes were deployed to the QA environment. Please note the process is done manually 😈, as it’s a startup and things are yet to settle down. What if you have missed implementing an important piece of logic? Again from the beginning 😰?

About

Saranki Magenthirarajah

Inquisitive
