Wednesday, August 26, 2015

OAuth as a Service

WSO2 API Cloud brings you OAuth as a Service. If you are a person who
  • has a service/API behind a firewall that needs to be opened up to the public, and
  • has the ability to introduce a firewall rule,
then this blog post will explain what you need to do.

In addition to OAuth protection, here is what you get after using WSO2 API Cloud:
  1. Advertise the API to the public in your own portal
  2. Public developers will be able to get an OAuth consumer key/secret from the portal and call your API
  3. You will be able to monitor API statistics such as the number of calls per service and who is calling the service
  4. Throttle the API as required
  5. Finally, charge for the API when that feature is added

High level architecture


Now you can instantly enable OAuth for your API. Steps:

1) First, protect your API. If it is a JAX-RS service, protect it using HTTP Basic Auth. If it is a SOAP service, protect it using UsernameToken. In step 3 you will see why we need to protect it.

2) Then get an account in WSO2 API Cloud and protect the API using OAuth. Here is the tutorial on how to do it.

Now you have the API in a public portal.

3) Now contact us (send an email to ) to get the IP address that WSO2 API Cloud will call your service from, and add a firewall rule allowing only that IP to talk to your service. The service still needs to be protected with a username/password (step 1): the firewall rule only limits which addresses can reach it, so without credentials an unauthorised party could call the same service directly, bypassing the OAuth check at the gateway.

Now you have implemented the architecture mentioned above.
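To make the two-layer protection from steps 1 and 3 concrete, here is an added example (not code from the original post or from WSO2) of what the backend side has to enforce: a request is served only if it arrives from the allowlisted gateway address and carries valid HTTP Basic Auth credentials. The gateway username, password and IP address are constructed placeholders; a real deployment would take them from configuration and use the IP obtained in step 3.

```python
import base64
import hmac
import ipaddress
from dataclasses import dataclass, field

# Constructed configuration (placeholders): the one account the API Cloud gateway
# uses to call the backend, and the gateway IP obtained in step 3 of the post.
GATEWAY_USERNAME = "apicloud-gateway"
GATEWAY_PASSWORD = "replace-with-a-long-random-secret"
ALLOWED_SOURCE_NETWORKS = [ipaddress.ip_network("198.51.100.10/32")]  # TEST-NET-2 placeholder


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    source_ip: str
    headers: dict = field(default_factory=dict)


def basic_auth_header(username, password):
    """Build the Authorization header value a client (here: the gateway) would send."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_auth(header_value):
    """Return (username, password) from an HTTP Basic Authorization header, or None if malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def credentials_valid(username, password):
    """Compare both fields in constant time so timing does not reveal which one matched."""
    user_ok = hmac.compare_digest(username.encode("utf-8"), GATEWAY_USERNAME.encode("utf-8"))
    pass_ok = hmac.compare_digest(password.encode("utf-8"), GATEWAY_PASSWORD.encode("utf-8"))
    return user_ok and pass_ok


def source_allowed(source_ip):
    """The firewall rule from step 3, expressed as an in-process allowlist check."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCE_NETWORKS)


def handle(request):
    """Return (status, body). Both layers must pass: source allowlist AND credentials."""
    if not source_allowed(request.source_ip):
        return 403, "forbidden: source address not allowed"
    creds = parse_basic_auth(request.headers.get("Authorization"))
    if creds is None or not credentials_valid(*creds):
        return 401, "unauthorized: missing or invalid credentials"
    return 200, "backend response"


if __name__ == "__main__":
    good = {"Authorization": basic_auth_header(GATEWAY_USERNAME, GATEWAY_PASSWORD)}
    print(handle(Request("198.51.100.10", good)))      # gateway with credentials -> 200
    print(handle(Request("198.51.100.10")))            # gateway IP but no credentials -> 401
    print(handle(Request("203.0.113.5", good)))        # valid credentials from elsewhere -> 403
```

The third case is the one the post's step 3 is about: an address that is not the gateway is rejected before credentials are even examined, and the second case shows why step 1 is still needed, since anything that can reach the service from the allowed address is otherwise trusted by default.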
