Using API Key in the RESTStub microservice
API Keys can be used instead of a username to identify the user for a request. When Fiorano RestStub checks for the query parameter "APIKey", if it is not found, it checks for the Header Param "APIKey" and validates the user if the user has the permission to invoke that particular service.
The example below illustrates the use of this functionality.
- Create an Event Process (Eg: EP1) with RestStub. In the first panel of RestStub's CPS, provide a value for the Service Name property (Eg: 'Sample').
Navigate to the second panel and click the Authentication tab and enable the Use API Keys property.
This enables API Security. When this security is enabled, RESTStub expects a query parameter "APIKey" which has the user key as its value.
- Click Finish to save the configuration and launch EP1.
- Log on to the Dashboard and navigate to Services > RESTful Services and click the Security tab.
- Add an API by clicking 'add' at the bottom of the page.
- In the Add API User Configuration dialog box, provide User Name and Context (Service name used in RestStub) and click Add. Click the Save Configuration option at the bottom of the page to save the API configuration.
- Right-click the RestStub component and click the Copy WADL URL option.
- Create another Event Process with Feeder > RestConsumer > Display.
- Open the CPS of the RestConsumer microservice, enable Load WADL property, select the From URL option and paste the WADL URL which was copied earlier (step 6) in the text box. Click the Load WADL button.
- In the Configuration panel under the Create/Edit WADL section, go to the GET option. In the Parameters tab, add a parameter with Name (APIKey) and ID and finish the configuration.
Configure the Feeder microservice by connecting it to RestConsumer and fetch the schema from RestConsumer input port. Copy the API Key from Dashboard (created in step 10) and provide this value for the element 'APIKey' in the Feeder input. Below is a sample input:
Sample Input
CODE<ns1:Request xmlns:ns1="http://www.fiorano.com/services/rest"> <ResourceParameters> <resource/> </ResourceParameters> <RequestParameters> <APIKey>MjU3NzQ3NDI1MTM0NzY5</APIKey> </RequestParameters> <Parameters> <Parameter name="name" style="style">string</Parameter> </Parameters> </ns1:Request>- Launch the event process and send the input from Feeder.
- Check for API validation in the output. If the provided APIKey is correct, below is how the output looks like:
- CODE
<?xml version="1.0" encoding="UTF-8"?> <ns1:Responses xmlns:ns1="http://www.fiorano.com/services/rest"> <Response Status="200"> <ResponseParameters> <Transfer-Encoding>chunked</Transfer-Encoding> <Content-Type>text/html</Content-Type> <Server>Jetty(6.1.25)</Server> </ResponseParameters> <Representations> <Representation MediaType="text/html"> <Element> <?xml version="1.0" encoding="UTF-8"?> <ns3:Responses xmlns:ns3="http://www.fiorano.com/services/rest" xmlns:ns1="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Response> <Representations> <Representation> <Element>APIKey</Element> </Representation> </Representations> </Response> </ns3:Responses> </Element> </Representation> </Representations> </Response> </ns1:Responses> If the provided APIKey is incorrect, output displays 'APIKey is not valid'. Below is the output when incorrect APIKey is provided in the input:
CODE<?xml version="1.0" encoding="UTF-8"?> <ns1:Responses xmlns:ns1="http://www.fiorano.com/services/rest"> <Response Status="403"> <ResponseParameters> <Transfer-Encoding>chunked</Transfer-Encoding> <Content-Type>text/html</Content-Type> <Server>Jetty(6.1.25)</Server> </ResponseParameters> <Representations> <Representation MediaType="text/html"> <Element>APIKey is not valid</Element> </Representation> </Representations> </Response> </ns1:Responses>
