API Keys can be used instead of a username to identify the user for a request. When Fiorano RestStub checks for the query parameter "APIKey", if it is not found, it checks for the Header Param "APIKey" and validates the user if the user has the permission to invoke that particular service.
The example below illustrates the use of this functionality.
- Create an Event Process (Eg: EP1) with RestStub. In the first panel of RestStub's CPS, provide a value for the Service Name property (Eg: 'Sample').
Navigate to the second panel and click the Authentication tab and enable the Use API Keys property.
- Click Finish to save the configuration and launch EP1.
- Log on to the Dashboard and navigate to Services > RESTful Services and click the Security tab.
- Add an API by clicking 'add' at the bottom of the page.
- In the Add API User Configuration dialog box, provide User Name and Context (Service name used in RestStub) and click Add. Click the Save Configuration option at the bottom of the page to save the API configuration.
- Right-click the RestStub component and click the Copy WADL URL option.
- Create another Event Process with Feeder > RestConsumer > Display.
- Open the CPS of the RestConsumer microservice, enable Load WADL property, select the From URL option and paste the WADL URL which was copied earlier (step 6) in the text box. Click the Load WADL button.
- In the Configuration panel under the Create/Edit WADL section, go to the GET option. In the Parameters tab, add a parameter with Name (APIKey) and ID and finish the configuration.
Configure the Feeder microservice by connecting it to RestConsumer and fetch the schema from RestConsumer input port. Copy the API Key from Dashboard (created in step 10) and provide this value for the element 'APIKey' in the Feeder input. Below is a sample input:
- Launch the event process and send the input from Feeder.
- Check for API validation in the output. If the provided APIKey is correct, below is how the output looks like:
If the provided APIKey is incorrect, output displays 'APIKey is not valid'. Below is the output when incorrect APIKey is provided in the input: