Rectangle 27 1

In a nutshell, API gateway exposes public APIs, applies policies (authentication - typically via OAuth, throttling, adherence to the the defined API, caching, etc.) and then (if allowed) optionally applies transformation rules and forwards the call to the backend. Then, when the backend responds, gateway (after optionally applying transformation rules again) forwards the response to the original caller. Plus, there would typically be an API management solution around it providing subscriber portal, user management, analytics, etc.

So basically any web service framework would work as a quick DYI solution.

You can also use plugin model of an open-source load-balancer such as NGINX.

Or take an open-source API Gateway to learn from it - e.g. WSO2 API Manager (the easiest way to see it in action is the hosted version: WSO2 API Cloud)

java - How do I implement basic API gateway - Stack Overflow

java api gateway java-api
Rectangle 27 0

Apart from managing users through the product's Management Console, every carbon server also exposes its management services as web services.

As far as user management is concerned, you can find API samples at the following links (note that these might be specific to work on a particular carbon version):

The second link refers to WSO2 Identity Server: does this work with WSO2 API Manager as well?

I'd say it should work with all wso2 products, since they share the same wso2 carbon base, acting as some general purpose middleware server. Carbon is able to expose web services for several server management functions, such as user management, shared among all products. This other answer seems to be specific to the API manager store app, could be enough to suit your needs for this use case.

I need also to set custom fields value that are not provided by the standard Store API, I'll probably need to dig more into the article because I see that they set there custom properties.

WSO2 API Manager User Management APIs - Stack Overflow

api wso2 wso2-am
Rectangle 27 0

Visibility settings prevent certain user roles from viewing and modifying APIs created by another user role.

  • Public: the API is visible to all users (registered and anonymous), and can be advertised in multiple stores (central and non-WSO2 stores).
  • Visible to my domain: the API is visible to all users who are registered to the API's tenant domain.
  • Restricted by Roles: The API is visible to it's tenant domain and only to the user roles that you specify.

Publish API to selected subscriber group or to an internal user in wso...

api wso2 subscription wso2-am
Rectangle 27 0

you can limit the visibility of api to roles. On the first page of api creation, you can select visibility and put it to restricted by roles.

So if you want limit the visibility of an api to an internal application team, you have just to create an internal application team role in wso2 console(configure/user and roles) and write it when you create your api.

When people with this role will be connected to the store, they will see this api. But other people can't see it.

Publish API to selected subscriber group or to an internal user in wso...

api wso2 subscription wso2-am
Rectangle 27 0

// how to get the user profile (including username & password) via rest API provided by wso2am//

Passwords are hashed and stored, so you cannot retrieve them. Username and password has to be provided by the user/client. You need to get that from the user request, and embed that with conusmer secret+id..

Thanks for your reply. Our client is Mobile app, so that is why we don't want to store userid&password in mobile client. if username&password cracked, so anyone can logon store to un-scribe API, that is what We worried. Any suggestion for this situation?

WSO2 API Manager - How to get User profile with consumer key & secrete...

wso2 wso2-am
Rectangle 27 0

Yes, API Store has an exposed API which can be used to register new users (User Signup) and authenticate users (Login).

curl -X POST -b cookies http://localhost:9763/store/site/blocks/user/sign-up/ajax/user-add.jag -d "action=addUser&username=user2&password=xxx&allFieldsValues="
curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d 'action=login&username=user1&password=xxx'

But password recovery functionality is not available yet. It will be avilable in future releases.

Is there a way to customize the additional fields? What are the differences between these REST APIs and the APIs sent by Corso?

What you meant by additional fields? Did you mean the user claims? Underline the Store APIs I have pointed, the same web service APIs available in carbon are invoked. The store APIs makes it easier because it adds required roles (subscriber role) to the new users, in order to login afterwards.

It is possible to customize fields. But in API Manager we don't ship claim management features. If you check this in WSO2 Identity Server, there you can see in Configure->Claim Management, you have the ability to mange cliam dialects by adding new claims, changing order, etc. The claim dialect used in Sign up is So if you want to do this for API Manager either u need to install claim management feature or go to database level and manually change claims in UM_CLAIM table.

Yes that should work. But the problem is for latest API Manager versions there is no compatible claim management features available. So you may have to wait for next release. As a workaround you can use Identity Server sepereately and point its user store to the same user store which api manger points (configured in user-mgt.xml). Then after starting Identity server you can do the claim mangement there. Since both are sharing the same user store those same claims will appear in api manager store as well.

WSO2 API Manager User Management APIs - Stack Overflow

api wso2 wso2-am
Rectangle 27 0

Application registration workflow and subscription workflow have DTO classes ( , where you can cast the WorkflowDTO to them and get the details related to that workflows. But For user signup workflow I couldn't find such DTO class . But as I know when user signup ,all the details of that user will be stored as user profile(which is a feature of IS used in apimanger). So by admin service call you can get the user profile of a particular[1] you can find a sample User profile management service client. Hope this would help you.

Thanks for the answer! I solved my question by accessing the user database and getting the data I need. But I know this is the "dirty" way to do it. Using the service client you proposed seems a much better idea. But if I create a new instance of the class, what do I give as parameters of the constructor?What should I put as backEndUrl?

actually what they have done is, they have used the UserProfileMgtService in So you can write your own client for that service.It is an admin service with in apimager .You can find the wsdl of that service by following this doc[1]. 'https://<your-ip>:8280/services/UserProfileMgtService?wsdl' using that wsld create the stub and invoke the service as you want. you can find the endpoints in the url l.username and password will be the username and password of the supper admin of apimager. 1.

User Dao to access internal user store in WSO2 API Manager - Stack Ove...

wso2 wso2-am api-manager