WSO2 APIM-3.2.0 Vs Microgateway 3.2.0

[Source: https://i.makeagif.com/media/2-20-2017/FUS1Iu.gif]

This or That? Left or Right? Yes or No? Black or White?

Always a huge dilemma, right? The same conundrum exists when it comes to choosing the best option for API security. Today’s digital era has wrapped almost all of its solutions in the form of APIs, so protecting your APIs has a huge impact on the business and is therefore unavoidable. An API can be protected in different ways, depending on various factors. Some of the commonly used API security methods are as follows.

  1. Authentication with tokens, API keys, etc.
  2. Usage of encryption and signatures
  3. Quotas and throttling

Apart from the above-mentioned methods, there are plenty of other ways to protect your APIs. In this blog, let’s see how we can protect APIs by securing the request and response payloads against malicious attacks. …


[Source: https://media2.giphy.com/media/QAftV2ttJ0GFwCVXLu/giphy.gif]

Many of the applications or e-platforms we use today allow us to create user accounts by ourselves, without the involvement of an administrator or any other authorized person. What if someone else creates an account on your behalf in one of these applications without your consent? That would let an unauthorized person impersonate you on that platform, which creates security hazards for you.

There are various mechanisms to protect this self-registration process. One such method is to send a registration confirmation email to the user; once the user confirms the account, it becomes a verified account. …


[Source: https://i.pinimg.com/originals/95/bb/a9/95bba99c829ef25552d6e11b702b2bde.gif]

WSO2 Governance Registry (GReg) is a highly customizable product, thanks to its different extension points. This is a well-known feature of GReg. But suppose you need to replicate a customized pack locally for testing, or to implement some features on top of the existing pack: how do you set it up on your machine? What are the elements you need to consider during this setup process? Well, that’s the story of today’s blog…! This blog provides a set of general guidelines for setting up a customized GReg pack locally on your machine.

Let’s Start!

[Source: https://bestanimations.com/Computers/funny-homer-computer-animated-gif-38.gif]

Before you start, there are a few factors that you need to concentrate on in order to avoid any conflicts during the setup process. …


[Source: https://blog-assets.freshworks.com/freshservice/wp-content/uploads/2019/01/18120225/groot-trainee.gif]

In today’s tech world, an organization’s assets are no longer restricted to tangible property, knowledge, or manpower. Anything that brings turnover to a business, or plays a key role in day-to-day routine activities or strategy-level planning, is considered an asset of the organization. Intangible assets such as APIs, Swagger definitions, contact details, and files are some examples of an organization’s assets these days.

WSO2: The solution provider

[Source: https://3.bp.blogspot.com/-HBoEEee22js/V6bTv1bkVuI/AAAAAAAAEhM/bW5sBoLIL2ks-1fy1N3V4qUJfUDrglpUgCLcB/s1600/Screen%2BShot%2B2016-08-07%2Bat%2B11.57.22%2BAM.png]

WSO2 is one of the leading players in open-source technologies. When the company started back in 2006, it had products such as Application Server, App Manager, Business Process Server, Message Broker, etc. …


[Source: https://media.giphy.com/media/xT5LMVVteLJCqQyWpq/giphy.gif]

What am I doing?

COVID-19 is an unavoidable headline these days. The world has seen drastic tragedies throughout its history, but none of them has lingered and suffocated people the way COVID-19 has. Everyone is talking, writing, vlogging, and worrying about COVID-19.

So what am I going to do in this blog? Document the COVID victim report? Symptoms of corona? Share prevention and precaution measures? Tips on productive activities in this quarantine situation? A BIG NOOOOO to all of them. If you are searching for any of those in this blog, then sorry.com guys ☹

This blog is to recap and reform our lives!


[Source: https://checkmydream.com/img/origin/1558560702-832_passport.jpg]

On a pleasant Monday morning, you go to the passport office to apply for and collect your passport. Let’s assume that you have applied to get the passport on the same day. You provide all your details in the application form to the officer. Upon successful validation, they create the passport and give it to you.

So what does the new passport really contain? The authority extracts some important details that you stated in your application form and prepares the passport with those details, along with a passport number.

In brief, you provide your details and get a pass containing the details you have given. This is what today’s blog is about: sharing details via tokens in order to generate different tokens with the required details. …


[Source: https://d33wubrfki0l68.cloudfront.net/d7271a547f8b4e5535c266bccd89470581602b66/ea674/assets-jekyll/blog/illustrated-guide-to-oauth-and-oidc/tpotd-examining-id-token-8d047e404d0d789cd2996d4d7d7601bccd9741905e80b3720b3565208eebd453.jpg]

In our day-to-day life, we may have come across the term “tokens”. In general, tokens are used as an exchange mechanism in order to get some item or get some work done. For example, if you visit a doctor, a token number will be given to you at the reception. By presenting that token, you will be able to meet the doctor when your turn comes. Another example would be: assume that you are at your school sports day. …


[Source: http://www.quickmeme.com/img/2d/2d4ccdc6095a54dff921438af13b403e197d6467b1a10f1612fba144fd88ffdc.jpg]

After a hectic day of work, the PRs finally got merged and the changes were deployed to the QA environment (please note that the process is done manually 😈, as it’s a startup and things are yet to settle down). What if you missed implementing an important piece of logic? Start again from the beginning 😰?

[Source: https://media.giphy.com/media/Dd76QxXlhsWCk/giphy.gif]

Jenkins, the problem solver

Jenkins is a very popular open-source automation server that performs continuous integration and deployment by executing jobs. Jobs are nothing but a set of predefined tasks. This can be achieved by connecting the version control system (e.g. GitHub, GitLab, Bitbucket) with Jenkins. …


[Source: https://i.pinimg.com/564x/0c/9b/de/0c9bde42bc52832b7bdf756a8ee57960.jpg]

In our day-to-day life, proving our identity and performing activities with the privileges we have been granted are very common situations that we all face. For example, it could be a scenario where we present our identity card at the entrance of our university to enter the premises. Also, can you remember the days when, even though you had the student identity card and permission to enter the university premises, you were never allowed to park your vehicle in the staff parking area? …


[Source: https://i.imgflip.com/gs54m.jpg]

In this era, many applications communicate with each other with the aid of APIs. Regardless of the domain, the scale of the business, and the user base, APIs are used to transfer both sensitive and non-sensitive data. It is therefore essential to validate the data being passed through these APIs. Man-in-the-middle attacks are a very common and expected threat to a system, and it requires a significant amount of effort to overcome them.

When a request is sent from the client side, it should be validated against a predefined model. Upon successful validation, the request should be directed to the corresponding backend. Otherwise, attackers can send malicious payloads and break the API Gateway, which poses security threats to the system. This safety measure applies not only to requests but also to responses, to reduce backend failures. …

About

Saranki Magenthirarajah

Inquisitive
