
apiGrove API basic authentication

bradleywangia edited this page Sep 5, 2012 · 1 revision

Restrict access using basic authentication

Purpose

This tutorial demonstrates how to restrict access to an apiGrove API using HTTP basic authentication.

Prerequisites

Please ensure the following prerequisites are met:

  • Ports 80 and 8181 on the apiGrove host are accessible from your test machine.
  • curl is installed on your test machine.
  • base64 is installed on your test machine.
  • echo is installed on your test machine.

Unless otherwise stated, the tutorial's commands are run from your test host.

Instructions

Create a file (api6.xml) defining the API that uses basic authentication

<api>
  <id>googlebasic</id>
  <displayName>googlebasic</displayName>
  <version>1.0.0</version>
  <type>PassThrough</type>
  <endpoint>googlebasic</endpoint>
  <https>false</https>
  <authentication>
    <supportedTypes>
      <type>basic</type>
    </supportedTypes>
  </authentication>
  <tdrEnabled>
    <enabled>true</enabled>
  </tdrEnabled>
  <status>active</status>
  <contexts>
    <context id="Production" default="true">
      <status>active</status>
      <loadBalancing type="roundRobin"/>
      <targetHosts>
        <targetHost>
          <url>http://www.google.com/search</url>
          <site>Google Search</site>
          <authentication>
            <type></type>
            <data>
              <key name="key">value</key>
            </data>
          </authentication>
        </targetHost>
      </targetHosts>
      <maxRateLimitTPSThreshold>3000</maxRateLimitTPSThreshold>
      <maxRateLimitTPSWarning>0.0</maxRateLimitTPSWarning>
      <maxRateLimitTPMThreshold>3000</maxRateLimitTPMThreshold>
      <maxRateLimitTPMWarning>0.0</maxRateLimitTPMWarning>
    </context>
  </contexts>
  <headerTransEnabled>false</headerTransEnabled>
  <headerTransformations/>
  <allowedHttpMethods/>
  <tdrOnUse type="billing"/>
  <tdrOnLimitReached type="api_max_rate_limit"/>
  <tdr>
    <static tdrPropName="company" value="COMPANY1"/>
    <static tdrPropName="bundle" value="B1">
      <types>
        <type>CompanyQuota</type>
        <type>Billing</type>
      </types>
    </static>
    <dynamic tdrPropName="cust1" httpHeaderName="X-CUST1"/>
    <dynamic tdrPropName="cust2" httpHeaderName="X-CUST2">
      <types>
        <type>CompanyQuota</type>
        <type>Billing</type>
      </types>
    </dynamic>
  </tdr>
</api>

Use curl to post your api6.xml file to the apiGrove provisioning URL

curl -i -H "Content-Type: application/xml; charset=utf-8" -H "SOAPAction:" -d @api6.xml -X POST http://<host_name>:8181/cxf/e3/prov/v1/apis
HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Content-Type: application/xml
Date: Mon, 20 Aug 2012 16:47:15 GMT
Content-Length: 116
Server: Jetty(6.1.x)

Base64 encode your intended password (the -n flag keeps echo from appending a newline, which would otherwise be encoded too)

echo -n testerpassword2 | base64
dGVzdGVycGFzc3dvcmQy

Create a file (auth6.xml) defining the auth

<auth>
  <id>auth6</id>
  <status>active</status>
  <type>basic</type>
  <policyContext id="Production"/>
  <apiContext id="Production"/>
  <basicAuth>
    <username>tester</username>
    <password>dGVzdGVycGFzc3dvcmQy</password>
    <!-- base64 encoded password testerpassword2 -->
  </basicAuth>
  <tdr>
    <static tdrPropName="company" value="COMPANY1"/>
    <static tdrPropName="bundle" value="B1">
      <types>
        <type>CompanyQuota</type>
        <type>Billing</type>
      </types>
    </static>
    <dynamic tdrPropName="cust1" httpHeaderName="X-CUST1"/>
    <dynamic tdrPropName="cust2" httpHeaderName="X-CUST2">
      <types>
        <type>CompanyQuota</type>
        <type>Billing</type>
      </types>
    </dynamic>
  </tdr>
</auth>

Use curl to post your auth6.xml file to the apiGrove provisioning URL

curl -i -H "Content-Type: application/xml; charset=utf-8" -H "SOAPAction:" -d @auth6.xml -X POST http://<host_name>:8181/cxf/e3/prov/v1/auths
HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Content-Type: application/xml
Date: Mon, 20 Aug 2012 16:47:15 GMT
Content-Length: 114
Server: Jetty(6.1.x)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><response><id>auth5</id><status>SUCCESS</status></response>

Create a file (policy6.xml) defining the policy

<policy>
  <id>policy6</id>
  <apiIds>
    <apiId>googlebasic</apiId>
  </apiIds>
  <authIds>
    <quotaRLBucket id="app1">
      <authId>auth6</authId>
    </quotaRLBucket>
  </authIds>
  <contexts>
    <context id="Production">
      <status>active</status>
      <quotaPerDay>
        <status>active</status>
        <action>reject</action>
        <warning>98</warning>
        <threshold>1000</threshold>
      </quotaPerDay>
    </context>
    <context id="test">
      <status>active</status>
    </context>
  </contexts>
</policy>

Use curl to post your policy6.xml file to the apiGrove provisioning URL

curl -i -H "Content-Type: application/xml; charset=utf-8" -H "SOAPAction:" -d @policy6.xml -X POST http://<host_name>:8181/cxf/e3/prov/v1/policies
HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Content-Type: application/xml
Date: Mon, 20 Aug 2012 16:47:15 GMT
Content-Length: 116
Server: Jetty(6.1.x)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><response><id>policy5</id><status>SUCCESS</status></response>

Make an API call to the recently onboarded API without the Basic Authorization header; the gateway rejects it

curl -i http://<host_name>/googlebasic?q=trending
HTTP/1.1 401 Unauthorized
Content-Type: text/plain
Transfer-Encoding: chunked
Server: Jetty(7.3.1.v20110307)

Issue: Not Authorized

Base64 encode your username:password combination (this is the credential format HTTP basic authentication expects)

echo -n tester:testerpassword2 | base64
dGVzdGVyOnRlc3RlcnBhc3N3b3JkMg==

Make the same API call with the Basic Authorization header

curl -i -H "Authorization: Basic dGVzdGVyOnRlc3RlcnBhc3N3b3JkMg==" http://<host_name>/googlebasic?q=trending

The request is accepted and returns results from the Google search API.
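The steps above as a small helper script. This is an added example, not part of the apiGrove project: it builds the Basic credential the same way the tutorial does (printf instead of echo -n, so the result is portable and never includes a stray newline), checks that the <password> element of an auth file decodes to the intended password (base64 is a reversible encoding, not encryption, so auth files must be protected like clear-text credentials), and probes an onboarded endpoint expecting 401 without the header and 200 with it. The host name, endpoint and credentials are parameters you supply.

```shell
#!/bin/sh
# Added helper (not from the apiGrove project). Assumes a POSIX shell with
# base64 (GNU/BSD) and curl available, as in the tutorial prerequisites.

# Base64-encode a string with no trailing newline and no line wrapping
# (tr strips wrapping instead of relying on the GNU-only base64 -w0).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Full Authorization header value for a user/password pair.
basic_header() { printf 'Authorization: Basic %s' "$(b64 "$1:$2")"; }

# Decode the <password> element of an apiGrove auth file and compare it
# with the intended clear-text password. Returns 0 on match, 1 otherwise.
check_auth_file() {
    file=$1; expected=$2
    stored=$(sed -n 's/.*<password>\([^<]*\)<\/password>.*/\1/p' "$file")
    [ -n "$stored" ] || return 1
    [ "$(printf '%s' "$stored" | base64 -d)" = "$expected" ]
}

# Probe the gateway: status code without credentials, then with them.
# Prints the two codes separated by a space; "401 200" is the expected result.
probe_gateway() {
    host=$1; endpoint=$2; user=$3; pass=$4
    url="http://$host/$endpoint?q=trending"
    anon=$(curl -s -o /dev/null -w '%{http_code}' "$url")
    auth=$(curl -s -o /dev/null -w '%{http_code}' \
               -H "$(basic_header "$user" "$pass")" "$url")
    printf '%s %s\n' "$anon" "$auth"
}

# Constructed sample auth file (same shape as auth6.xml) to exercise the check.
sample_auth_file() {
    f=$(mktemp)
    printf '<auth><id>auth6</id><basicAuth><username>tester</username>' > "$f"
    printf '<password>%s</password></basicAuth></auth>\n' "$(b64 testerpassword2)" >> "$f"
    printf '%s' "$f"
}

# Stand-alone demonstration: build the header and verify the sample file.
basic_header tester testerpassword2; echo
sample=$(sample_auth_file)
check_auth_file "$sample" testerpassword2 && echo "auth file password matches"
rm -f "$sample"
```

Run `probe_gateway <host_name> googlebasic tester testerpassword2` against your apiGrove host after the three provisioning steps; any result other than "401 200" means the API, auth or policy was not applied as intended.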

To delete the API, run the following:

curl -i -H "Accept: application/xml" -X DELETE http://<host_name>:8181/cxf/e3/prov/v1/apis/googlebasic