In our last post, we discussed API Management and the key role that an API Gateway can play. An API Gateway can enable secure access to the API endpoints it fronts. API Gateway features are often grouped into three broad categories:
- Authentication: Who is allowed to access the API (Access Control)
- Authorization: Which operations on the exposed APIs a client is allowed to perform (Permissions / Privileges)
- Audit: Recording sufficient information about each client request for later analysis
How does this work? How can developers and DevOps teams get started? We’ve put together a step-by-step guide to getting started with API Management on the Express Serverless Platform, with API Management best practices along the way.
Here’s a quick diagram of what that looks like:
Setting Up The Service And API Endpoint in Express Serverless Platform
We will have to complete a few prerequisite steps before configuring authentication, authorization and audit.
- First we have to set up a Service Endpoint using the Canvas
- Then we have to set up a Gateway instance
- Before setting up a pipeline within this Gateway, it will be helpful to create a ‘scope’ (which may later be associated with API endpoints and API users)
- Then, we will create two users with credentials to access the APIs. For the purpose of this blog, we will work with Key-based Authentication.
- Finally we will set up a pipeline in our Gateway instance that is configured for authentication, authorization and audit
We have an existing service (worldclockapi.com) for which we want to expose an API with appropriate rate limits. So, we need to drop a ‘Service Endpoint’ from the Canvas on to the ‘Private’ quadrant. This component needs only one piece of configuration: the base URL of the service (http://worldclockapi.com/api/json/utc/).
The Service Endpoint can be front-ended by an API Gateway, just like other services (model-based microservices and serverless functions) in the Express Serverless Platform. So, next, we drop in a Gateway instance on the Gateway quadrant.
Before we jump into creating a pipeline, we will create a scope, and two users by clicking on the ‘Consumer Management’ button on the Gateway element on our Canvas.
To create a new scope, we will navigate to the ‘Scopes’ tab under Consumer Management.
Now we will create a scope named ‘timewatchers’. We just need to type in the scope name and hit ‘Enter’.
Now we will create a new user with user id ‘bob’ and set up the following:
- Allocate an API key for key-based authentication for this user
- Associate this user with the ‘timewatchers’ scope
First we create a user ‘bob’ from the ‘User’ tab under Consumer Management.
To allocate an API key, expand the information on user bob from the ‘User’ tab under Consumer Management.
Scroll down the pop-up showing the user details for ‘bob’, and focus on the Key-based authentication section. Click on the ‘Create’ button.
This will generate a Key id and secret for the user ‘bob’. We need to take note of these credentials in order to access API endpoints.
Finally, we will associate the ‘timewatchers’ scope with the user ‘bob’.
We will actually create one more user ‘alice’ and allocate API keys in a similar fashion. However, we will not assign any scope to this user.
Now we are ready to set up a pipeline in our Gateway instance with key-based authentication enabled.
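To make the three categories concrete for the setup above, here is a small model of the checks the Gateway pipeline performs on each request (an added example, not code from the Express Serverless Platform or this post). It assumes a header of the form `Authorization: apiKey <keyId>:<keySecret>` and uses made-up key ids and secrets for ‘bob’ (in the ‘timewatchers’ scope) and ‘alice’ (no scope).

```python
import hashlib
import hmac
import json
import time

# Constructed sample data standing in for the Gateway's Consumer Management
# store: the key ids and secrets below are placeholders, not real credentials.
# Secrets are stored hashed so a leaked store does not yield usable keys.
def _h(secret):
    return hashlib.sha256(secret.encode()).hexdigest()

CONSUMERS = {
    "bob-key-id":   {"user": "bob",   "secret_hash": _h("bob-secret"),   "scopes": {"timewatchers"}},
    "alice-key-id": {"user": "alice", "secret_hash": _h("alice-secret"), "scopes": set()},
}

# The API endpoint fronting worldclockapi.com requires the 'timewatchers' scope
ENDPOINT_SCOPES = {"/utc": {"timewatchers"}}

AUDIT_LOG = []  # one JSON record per request, whatever the outcome

def audit(path, key_id, user, status, reason):
    AUDIT_LOG.append(json.dumps({"ts": time.time(), "path": path,
                                 "key_id": key_id, "user": user,
                                 "status": status, "reason": reason}))

def handle(path, authorization):
    """Return the HTTP status the gateway would send before (or instead of) proxying upstream."""
    # Authentication: assumed header format 'apiKey <keyId>:<keySecret>'
    if not authorization or not authorization.startswith("apiKey "):
        audit(path, None, None, 401, "missing credentials")
        return 401
    key_id, _, secret = authorization[len("apiKey "):].partition(":")
    consumer = CONSUMERS.get(key_id)
    # Constant-time comparison; compare against a dummy hash when the key id is unknown
    expected = consumer["secret_hash"] if consumer else _h("")
    if not hmac.compare_digest(expected, _h(secret)) or consumer is None:
        audit(path, key_id, None, 401, "bad key id or secret")
        return 401
    # Authorization: the consumer must hold every scope the endpoint requires
    missing = ENDPOINT_SCOPES.get(path, set()) - consumer["scopes"]
    if missing:
        audit(path, key_id, consumer["user"], 403, f"missing scope {sorted(missing)}")
        return 403
    audit(path, key_id, consumer["user"], 200, "proxied to service endpoint")
    return 200
```

With this setup, ‘alice’ authenticates successfully but is refused with 403 because she holds no scope, and every decision, including the refusals, leaves an audit record.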
Now that we’ve covered how to set up the Service Endpoint, we’ll move on to Authentication. Authentication is a key aspect of API Management. To enable key-based authentication, we’ll add policies to our pipeline and provide a complete, easy-to-follow guide written by developers for developers on how to set this up.