SAP API Management Unit 4.4: Closer look at API Owner Policy Designer PUBLIC
|
|
- Avis Walsh
- 5 years ago
- Views:
Transcription
1 SAP API Management Unit 4.4: Closer look at API Owner Policy Designer PUBLIC
2 Objectives After completing this unit, you will be able to: - Add Policies to existing API Proxies - Understand some of commonly used policies like - Security - Verify API Key - URL Masking - Access Control - Basic authentication - CORS (Cross-Origin Resource Sharing) - Traffic Management - Quota Handling - Spike Arrest - Caching - Mediation / protocol transformation - Raise Fault - Key Value Maps SAP SE or an SAP affiliate company. All rights reserved. Public 2
3 SAP Policy Designer Overview
4 Overview 1/2 The Policy Designer allows modify / enhance incoming and outgoing requests in the API Management system. A set of predefinied policies for Security, Traffic management, protocol transformation and others are available out of the box Customer specific enhancements can be implemented via custom code (e.g. JavaScript, Python, ) SAP SE or an SAP affiliate company. All rights reserved. Public 4
5 Overview 2/2 Each policy is assigned to a Flow in the call (e.g. ProxyEndpoint: PreFlow / PostFlow, TargetEndpoint: PreFlow / PostFlow) The policies are represented in a flow diagram in the center of the screen Available Policy templates can be used on the right Created Policy can be accessed on the bottom right SAP SE or an SAP affiliate company. All rights reserved. Public 5
6 API Proxy Execution Sequence Pre Flow Condition Flows * Post Flow Pre Flow Condition Flows * Post Flow Incoming Stream (Request / Inbound) Proxy End Point Route Rules # Target End Point Client Backend Outgoing Stream (Response/ Outbound ) Condition Condition Post Flow Pre Flow Post Flow Pre Flow Flows * Flows * * All conditions flows whose conditions matches # First route rule whose condition matches SAP SE or an SAP affiliate company. All rights reserved. Public 6
7 A lot of options SAP Official documentation can be found here: Although not 1:1 compatible, documentation at Apigee is quite good & comprehensive with lots of examples, Additional sample policies can be found on GitHub, Often there are context variables / flow variables available that you can use; see or search on apigee.com (Code completion in Editor is missleading!) SAP SE or an SAP affiliate company. All rights reserved. Public 7
8 Some general remarks Do not use special characters when working with Policies (neither in the name nor elsewere). Don t use spaces in the name. You might need to reference them later Be careful when working with the XML coding-snippets. Currently even the order of tags can be the cause of an error SAP SE or an SAP affiliate company. All rights reserved. Public 8
9 Security Policies
10 Verify API Key Verify Key API Key Security API keys grant access to an API Proxy in the same way you would protect your password. Each application that a developer is subscribing gets an individual application key which can is used to authenticate the used API Proxies. This also enables the API Owner to run analytics scenarios on the API Keys SAP SE or an SAP affiliate company. All rights reserved. Public 10
11 Verify API Key Verify Key Verify API Key Policy Configure where the API Key should be retrieved from, e.g. request.queryparam.apikey => from Query ( GET ) name apikey request.header.apikey from header, name ApiKey See e9bb420f.html SAP SE or an SAP affiliate company. All rights reserved. Public 11
12 Unit Policy Designer - Verify API Key SAP SE or an SAP affiliate company. All rights reserved. Public 12
13 URL Masking JavaScript Protect Backend Services SAP API Management protects and hides the systems in the backend. To ensure that also the response of a service does not contain the backend server information a URL Masking can rewrite backend URLs with the API Proxy URL SAP SE or an SAP affiliate company. All rights reserved. Public 13
14 URL Masking JavaScript Java Script Policy Policy calls the actual JavaScript urlrewrite.js file Get the response.content from the context Use regular expression to replace & ignore case ( gi ) the backend server name and the path with values from APIM Put response.content back See & SAP SE or an SAP affiliate company. All rights reserved. Public 14
15 var rc = context.getvariable("response.content"); var newstr = rc.replace(/sapes4.sapdevcenter.com:443/gi, "d046471trialtrial.apim1.hanatrial.ondemand.com"); var newpath = newstr.replace(/\/sap\/opu\/odata\/iwbep\/gwsample_basic/gi, "/d046471trial/gwsample_basic_valora2"); context.setvariable("response.content", newpath); SAP SE or an SAP affiliate company. All rights reserved. Public 15
16 Unit Policy Designer - URL Masking SAP SE or an SAP affiliate company. All rights reserved. Public 16
17 Access Control Access Control Limit access to API Proxy to IP ranges In addition to protect APIs via an API Key, Access Control can be used to either explicitly allow or deny access from certain IP ranges to the API Proxies SAP SE or an SAP affiliate company. All rights reserved. Public 17
18 Access Control Access Control Access Control Policy Set MatchRules to ALLOW or DENY access from certain SourceAddresses, Mask: 8,16,24,32 keep the first x bits See 7afb0a743fa52702a.html <AccessControl name="acl"> <IPRules norulematchaction="deny"> <MatchRule action="deny"> <SourceAddress mask="24"> </sourceaddress> <SourceAddress mask="24"> </sourceaddress> <SourceAddress mask="24"> </sourceaddress> </MatchRule> <MatchRule action="allow"> <SourceAddress mask="16"> </sourceaddress> <SourceAddress mask="16"> </sourceaddress> <SourceAddress mask="16"> </sourceaddress> </MatchRule> </IPRules> </AccessControl> SAP SE or an SAP affiliate company. All rights reserved. Public 18
19 Unit Policy Designer - Access Control SAP SE or an SAP affiliate company. All rights reserved. Public 19
20 Traffic Management
21 Quota Handling Quota Limit number of calls to API Proxy In order to control or monteize access to your API Proxies a quota can be applied. This allow to limit the number of calls in a certain period of time. In addition to limit the calls on an API Proxy the number of calls can be differentiated per API Key (which allows different applications to have different quotas) SAP SE or an SAP affiliate company. All rights reserved. Public 21
22 Quota Handling Access Control General Quota Settings: TimeUnit: second, minute, hour, day, month Inverval: number of Time Units Allow count: number of calls API Dependent Quota Settings Identifier ref="verifyapikey.checkapikey.client_id Policy Template Policy Name See ddaea0.html 2016 SAP SE or an SAP affiliate company. All rights reserved. Public 22 22
23 Maintain Quotas in API Product Access Control Different API Products (Tiers) can lead to different quotas (e.g. Silver has less calls than Gold ) Verify API Key Policy makes additional variables available which can be referenced verifyapikey.<apikeypolicy>.apiproduct.develo per.quota.limit verifyapikey.<apikeypolicy>.apiproduct.develo per.quota.interval verifyapikey.<apikeypolicy>.apiproduct.develo per.quota.timeunit Fixed values need to be provided as fallback! SAP SE or an SAP affiliate company. All rights reserved. Public 23
24 Unit 4.4.4a - Policy Designer - Quota Handling Unit 4.4.4b - Policy Designer - Quota Handling - API Dependent SAP SE or an SAP affiliate company. All rights reserved. Public 24
25 Raise Fault Policy Raise Fault Setting explixit custom error messages By default SAP API Management returns an Internal error HTTP Code 500 In case of Quota failure there is a specific HTTP Code 429 xxx, which can be setup via a Raise Fault policy. Obviously similar error codes could be set if required for other scenarios SAP SE or an SAP affiliate company. All rights reserved. Public 25
26 Raise Fault Policy Access Control Previous Policy-Step: ContinueOnError = true Condition String: ratelimit.setquota.failed = "true" Policy Name RaiseFault Policy: set FaultResponse See SAP SE or an SAP affiliate company. All rights reserved. Public 26
27 Unit Policy Designer - Raise Fault Policy SAP SE or an SAP affiliate company. All rights reserved. Public 27
28 Spike Arrest Spike Arrest Limiting number of calls in short period of time Quota handling is good to limit number of calls over a certain period of time, e.g. 1 Mio calls per month. To protect the backend system you have to ensure that these 1 Mio calls are not done within 1 minute. In addition to Quota Handling Spike arrest can limit / reduce the number of calls in a short period of time SAP SE or an SAP affiliate company. All rights reserved. Public 28
29 Spike Arrest Spike Arrest Identifier: Similar as with Quota to ensure a per-application handling of calls MessageWeight: To distinguish between heavy and simple calls Flow Variable: ratelimit.<policyname>.failed = "true" Rate: Calls per Second (ps), Minute (pm) Per-minute rates get smoothed into full requests allowed in intervals of seconds. For example, 30pm gets smoothed like this: 60 seconds (1 minute) / 30pm = 2-second intervals, or 1 request allowed every 2 seconds. A second request inside of 2 seconds will fail. Also, a 31st request within a minute will fail. Per-second rates get smoothed into full requests allowed in intervals of milliseconds. For example, 10ps gets smoothed like this: 1000 milliseconds (1 second) / 10ps = 100-millisecond intervals, or 1 request allowed every 100 milliseconds. A second request inside of 100ms will fail. Also, an 11th request within a second will fail. See SAP SE or an SAP affiliate company. All rights reserved. Public 29 29
30 Unit 4.4.4c - Policy Designer Spike Arrest SAP SE or an SAP affiliate company. All rights reserved. Public 30
31 Concurrent Rate Limit Concurrent Rate Limit Limiting number of calls concurrent calls The ConcurrentRatelimit policy helps to limit the number of connections to your backend services from API proxies running on SAP API Management. Generally in a distributed environment, many API Proxies can point to the same backend service. In such a case the backend service is flooded with requests. In order to manage traffic to backend services, you use the Concurrent Rate Limit policy. App App App App App App App App App SAP API Management Backend Systems Limit number of concurrent calls to backend SAP SE or an SAP affiliate company. All rights reserved. Public 31
32 Concurrent Rate Limit Concurrent Rate Limit Fairly simple to configure but hard to test (so no Exercise). AllowConnection: Specifies the number of connections to the backend service. TTL determins the number of seconds after which the counter is automatically decremented (in case there was not proper decrement via the response path) Distributed: specify whether the counter should be shared accross instances Not fully configurable in the UI as the policy also needs to be placed in the Fault Rules See also: SAP SE or an SAP affiliate company. All rights reserved. Public 32
33 Comparison of Quota, Spike Arrest and Use it to: Don't use it to: Stores a count? Best practices for attaching the policy: Quota Spike Arrest Concurrent Rate Limit Limit the number of connections apps can make to your API proxy's target backend over a specific period of time. Don't use it to protect your API proxy against traffic spikes. For that, use the Spike Arrest policy or Concurrent Rate Limit policy. Protect your API proxy's target backend against severe traffic spikes and denial of service attacks. Don't use it to count and limit the number of connections apps can make to your API proxy's target backend over a specific period of time. For that, use the Quota policy. Yes No Yes Attach it to the ProxyEndpoint Request PreFlow, generally after the authentication of the user. This enables the policy to check the quota counter at the entry point of your API proxy. From: Attach it to the ProxyEndpoint Request PreFlow, generally at the very beginning of the flow. This provides spike protection at the entry point of your API proxy. Limit the number of concurrent connections apps can make to your API proxy's target backend. Don't use it to limit the number of connections apps can make to your API proxy's target backend over a specific period of time. For that, use the Quota policy. This policy must be attached in these three locations: TargetEndpoint Request PreFlow TargetEndpoint Response PreFlow TargetEndpoint DefaultFaultRule HTTP status 500 (Internal Server Error) code when Your org can optionally be configured to return an HTTP limit has been status code of 429 (Too Many Requests) instead. * reached: Good to know: Quota counter is stored in Cassandra. Configure the policy to synchronize the counter asynchronously to save resources. Asynchronous counter synchronization may cause a delay in the rate limiting response, which may allow calls slightly in excess of the limit you've set. 500 (Internal Server Error) Your org can optionally be configured to return an HTTP status code of 429 (Too Many Requests) instead. * Performs throttling based on the time at which the last traffic was received. This time is stored per message processor. If you specify a rate limit of 100 calls per second, only 1 call every 1/100 second (10 ms) will be allowed on the message processor. A second call within 10 ms will be rejected. Even with a high rate limit per second, nearly simultaneous requests may result in rejections. 503 (Service Unavailable) Keeps a count of concurrent connections per message processor. While an individual API proxy may be handling just a few connections, collectively, the connections to a set of replicated API proxies pointing to the same backend service may swamp the capacity of the service. Use this policy to limit this traffic to a manageable number of connections. Get more Quota policy Spike Arrest policy Concurrent Rate Limit policy details: SAP SE or an SAP affiliate company. All rights reserved. Public 33
34 Backend Authentication
35 Basic Authentication Assign Message Basic Authentication Authentice with technical user to backend Backend systems are usually protected via certain means of authentication. SAP API Management can hide this authentication (to provide a unified authentication accross different backend systems to the consumer). Basic authentication adds an authentication header to the backend call so the API Proxy can connect via a technical user. App App App App App SAP API Management Backend Systems Authentication via API Key One Technical User for authentication Step 1) the Username and password is added to a variable. Step 2) encodes and adds this variable as Basic authentciation in the header SAP SE or an SAP affiliate company. All rights reserved. Public 35
36 Basic Authentication Assign Message Basic Authentication Assign Message Allows to set variables, like a username and password See Basic Authentication Retrieves and encodes information (like username and password) and sets header variables See SAP SE or an SAP affiliate company. All rights reserved. Public 36
37 Unit Policy Designer - Basic Authentication SAP SE or an SAP affiliate company. All rights reserved. Public 37
38 Caching
39 Caching Response Cache Caching allows API Management to cache the response from the server and return this information to a request without calling the backend system As applications make requests to the same URI, you can use this policy to return cached responses instead of forwarding requests to the backend server. Response Cache policy improves API's performance through reduced latency and network traffic. See SAP SE or an SAP affiliate company. All rights reserved. Public 39
40 Caching Response Cache CacheKey is an identify for a cache entry. KeyFragment request.queryparm.apikey takes the APIKey (make sure to check queryparm / header) as a first identifier KeyFragment proxy.pathsuffix adds the path suffix as an additional identifier [in the exercise we will only use request.uri] TimeoutInSec defines the validity of the cache SkipCacheLookup allows to manually force a cache-refresh See: SAP SE or an SAP affiliate company. All rights reserved. Public 40
41 Unit Policy Designer - Caching SAP SE or an SAP affiliate company. All rights reserved. Public 41
42 CORS
43 Cross-origin resource sharing (CORS) A web page may freely embed images, stylesheets, scripts, iframes, videos and some plugin content (such as Adobe Flash) from any other domain. However embedded web fonts and AJAX (XMLHttpRequest) requests have traditionally been limited to accessing the same domain as the parent web page (as per the same-origin security policy). "Crossdomain" AJAX requests are forbidden by default because of their ability to perform advanced requests (POST, PUT, DELETE and other types of HTTP requests, along with specifying custom HTTP headers) that introduce many cross-site scripting security issues. CORS defines a way in which a browser and server can interact to determine safely whether or not to allow the cross-origin request. [2] It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests SAP SE or an SAP affiliate company. All rights reserved. Public 43
44 CORS Example Swagger / OpenAPI is a simple yet powerful representation of your RESTful API. Via API specifications can be created an tested. Testing an API from SAP API Management from swagger.io leads to an error due to a cross-origin request SAP SE or an SAP affiliate company. All rights reserved. Public 44
45 CORS Example When setting the right headers in the API via Policies, e.g. Access-Control-Allow-Origin = * The call is successful SAP SE or an SAP affiliate company. All rights reserved. Public 45
46 CORS Routing Rules Routing Rules enables to call different Target Endpoints depending on certain conditions Since in a CORS request the browser performs a request with verb OPTIONS a new Route Rule noroutes is definied which does not route the request to an endpoint See 6c42cfb8dd157ab html SAP SE or an SAP affiliate company. All rights reserved. Public 46
47 CORS Routing Rules Routing Rules Routing Rules enables to call different Target Endpoints depending on certain conditions Since in a CORS request the browser performs a request with verb OPTIONS a new Route Rule noroutes is definied which does not route the request to an endpoint See 6c42cfb8dd157ab html SAP SE or an SAP affiliate company. All rights reserved. Public 47
48 CORS New Proxy Endpoint Routing Rules A new preflight endpoint with Condition string request.verb == OPTIONS is added. This will be called when the browser checks if CORS support is possible SAP SE or an SAP affiliate company. All rights reserved. Public 48
49 CORS Set CORS Headers Assign Message In the PostFlow of the ProxyEndpoint the AssignMessage policy will add the required CORS headers to the outgoing request Access-Control-Allow-Origin Access-Control-Allow-Credentials Access-Control-Expose-Headers Access-Control-Allow-Methods Access-Control-Allow-Headers SAP SE or an SAP affiliate company. All rights reserved. Public 49
50 Unit Policy Designer - CORS SAP SE or an SAP affiliate company. All rights reserved. Public 50
51 Basic Authentication of Users
52 Basic Authentication Basic Authentication Basic Authentication is the simplest way to authenticate a user in a standard way. The user will be prompted to provide username and password, which will then be sent as HTTP Authorization header (base64 encoded). This mechanism does not secure the password in any way. A full basic authentication works as follows: 1. Server to send challenge for User Name and password with HTTP 401 response including header: WWW-Authenticate: Basic realm= <Name> 2. Client to provide username and password in HTTP Header: Authorization: Basic dxnlcjpwyxnz. Value is username:password encoded in base SAP SE or an SAP affiliate company. All rights reserved. Public 52
53 Basic Authentication Basic Authentication To challenge the user for a password the raise fault policy is used. It will trigger when no HTTP Authorization header is set. URL: Success (200): To validate User name and Password an external identity store is used. In our case we use SAP Cloud ID (accounts.sap.com) SAP Cloud ID is accessed through a service call out. This means a rest API will be invoked with the previously supplied credentials (HTTP POST). If Successful, the status code is 200 and user details are provided. If not, the code is HTTP 401. Fault (401) SAP SE or an SAP affiliate company. All rights reserved. Public 53
54 Key Value Maps
55 Key Value Maps Key Value Map In API Management Key Value Maps can be used to avoid hard-coding specific values within the API Proxy. Key Value maps: Are durable Are accessible though dedicated APIs (Create, Delete, Read) Are accessible though the Key Value Map Policy Represent a collection of Keys and Values Can have the following scope: environment (only scope maintainable through API) apiproxy policy SAP SE or an SAP affiliate company. All rights reserved. Public 55
56 Key Value Map API Key Value Map Key Value Map API is part of API Portal It is OData compliant Url is: nt.svc/keymapentries Requires CSRF Token: Authenticated Call using HEAD Verb and Header x- csrf-token: fetch Subsequent call using supplied csrf token (and all supplied cookies) Header: csrf-token: <token value> Authorization: Basic dxnlcjpwyxnz Body: { "name":"km1", "keymapentryvalues":[ { "name":"username", "value":"user", "map_name":"km1" }, { "name":"password", "value":"pwd", "map_name":"km1" } ] } SAP SE or an SAP affiliate company. All rights reserved. Public 56
57 Key Value Map Policy Key Value Map Key Value Map Policy allows: Initial Entries Put Delete Get (most common) Get assigns a key value map entry to a variable in API Management SAP SE or an SAP affiliate company. All rights reserved. Public 57
58 Thank you.
FUJITSU Cloud Service K5 API Management. Function Manual. Version 1.4 FUJITSU LIMITED
FUJITSU Cloud Service K5 API Management Function Manual Version 1.4 FUJITSU LIMITED FUJITSU Cloud Service K5 API Management Function Manual Version 1.4 Date of issue: March 2018 All Right Reserved, Copyright
More informationTechnical Brief. A Checklist for Every API Call. Managing the Complete API Lifecycle
Technical Brief A Checklist for Table of Contents Introduction: The API Lifecycle 2 3 Security professionals API developers Operations engineers API product or business owners Apigee Edge 7 A Checklist
More informationCS 498RK FALL RESTFUL APIs
CS 498RK FALL 2017 RESTFUL APIs Designing Restful Apis blog.mwaysolutions.com/2014/06/05/10-best-practices-for-better-restful-api/ www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api Resources
More informationuick Start Guide 1. Install Oracle Java SE Development Kit (JDK) version or later or 1.7.* and set the JAVA_HOME environment variable.
API Manager uick Start Guide WSO2 API Manager is a complete solution for publishing APIs, creating and managing a developer community, and for routing API traffic in a scalable manner. It leverages the
More informationEdge Foundational Training
Edge Foundational Training Give your team the tools to get up and running with Edge Edge Foundational Training provides the tools and information needed to start using Edge whether in the cloud or on premises.
More informationRESTful API Design APIs your consumers will love
RESTful API Design APIs your consumers will love Matthias Biehl RESTful API Design Copyright 2016 by Matthias Biehl All rights reserved, including the right to reproduce this book or portions thereof in
More informationFUJITSU Cloud Service K5 - API Management Service Description
FUJITSU Cloud Service K5 - API Management Service Description August 8, 2018 1. API Management Service Overview API Management Service is built on Apigee Edge, an integrated API platform product provided
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationFUJITSU Cloud Service K5 - API Management Service Description
FUJITSU Cloud Service K5 - API Management Service Description March 22, 2018 1. API Management Service Overview API Management Service is built on Apigee Edge, an integrated API platform product provided
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationSAP API Management Cloud Connector PUBLIC
SAP API Management Cloud Connector PUBLIC Objectives After completing this unit, you will be able to: - Understand Cloud connector and its value proposition - Call an API accessible through Cloud Connector
More informationAzure Developer Immersions API Management
Azure Developer Immersions API Management Azure provides two sets of services for Web APIs: API Apps and API Management. You re already using the first of these. Although you created a Web App and not
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationAbout 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2
odata #odata Table of Contents About 1 Chapter 1: Getting started with odata 2 Remarks 2 Examples 2 Installation or Setup 2 Odata- The Best way to Rest 2 Chapter 2: Azure AD authentication for Node.js
More informationApigee Edge Cloud. Supported browsers:
Apigee Edge Cloud Description Apigee Edge Cloud is an API management platform to securely deliver and manage all APIs. Apigee Edge Cloud manages the API lifecycle with capabilities that include, but are
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationRed Hat 3Scale 2.0 Terminology
Red Hat Scale 2.0 Terminology For Use with Red Hat Scale 2.0 Last Updated: 2018-0-08 Red Hat Scale 2.0 Terminology For Use with Red Hat Scale 2.0 Legal Notice Copyright 2018 Red Hat, Inc. The text of
More informationCSCE 120: Learning To Code
CSCE 120: Learning To Code Module 11.0: Consuming Data I Introduction to Ajax This module is designed to familiarize you with web services and web APIs and how to connect to such services and consume and
More informationBIG-IP Access Policy Manager : Portal Access. Version 12.1
BIG-IP Access Policy Manager : Portal Access Version 12.1 Table of Contents Table of Contents Overview of Portal Access...7 Overview: What is portal access?...7 About portal access configuration elements...7
More informationZombie Apocalypse Workshop
Zombie Apocalypse Workshop Building Serverless Microservices Danilo Poccia @danilop Paolo Latella @LatellaPaolo September 22 nd, 2016 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationCNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies
CNIT 129S: Securing Web Applications Ch 3: Web Application Technologies HTTP Hypertext Transfer Protocol (HTTP) Connectionless protocol Client sends an HTTP request to a Web server Gets an HTTP response
More informationStorageGRID Webscale 11.0 Tenant Administrator Guide
StorageGRID Webscale 11.0 Tenant Administrator Guide January 2018 215-12403_B0 doccomments@netapp.com Table of Contents 3 Contents Administering a StorageGRID Webscale tenant account... 5 Understanding
More informationNIELSEN API PORTAL USER REGISTRATION GUIDE
NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration
More informationApigee Edge Cloud. Supported browsers:
Apigee Edge Cloud Description Apigee Edge Cloud is an API management platform to securely deliver and manage all APIs. Apigee Edge Cloud manages the API lifecycle with capabilities that include, but are
More informationIntegration Service. Admin Console User Guide. On-Premises
Kony Fabric Integration Service Admin Console User Guide On-Premises Release V8 SP1 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the
More informationApigee Edge Start. Description. Key Features. Deployment. Limitations. Apigee Edge Start
Apigee Edge Start Description Apigee Edge Start delivers core API management capabilities as a cloud service. Apigee Edge Start is an entry-level offering for developers and startups - intended for API
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationApigee Edge Cloud - Bundles Spec Sheets
Apigee Edge Cloud - Bundles Spec Sheets Description Apigee Edge Cloud is an API management platform to securely deliver and manage all APIs. Apigee Edge Cloud manages the API lifecycle with capabilities
More informationGeneral. Analytics. MCS Instance Has Predefined Storage Limit. Purge Analytics Data Before Reaching Storage Limit
Oracle Cloud Mobile Cloud Service Known Issues 18.1.3 E93163-01 February 2018 General MCS Instance Has Predefined Storage Limit Each MCS instance has a set storage space that can t be changed manually.
More informationIntegration Service. Admin Console User Guide. On-Premises
Kony MobileFabric TM Integration Service Admin Console User Guide On-Premises Release 7.3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and
More informationAPI Security Management with Sentinet SENTINET
API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security
More informationConfiguring Anonymous Access to Analysis Files in TIBCO Spotfire 7.5
Configuring Anonymous Access to Analysis Files in TIBCO Spotfire 7.5 Introduction Use Cases for Anonymous Authentication Anonymous Authentication in TIBCO Spotfire 7.5 Enabling Anonymous Authentication
More informationInfoblox Authenticated DHCP
Infoblox Authenticated DHCP Unified Visitor Management amigopod Technical Note Revision 1.1 5 July 2010 United States of America +1 (888) 590-0882 Europe, Middle East & Asia +34 91 766 57 22 Australia
More informationManagement Tools. Management Tools. About the Management GUI. About the CLI. This chapter contains the following sections:
This chapter contains the following sections:, page 1 About the Management GUI, page 1 About the CLI, page 1 User Login Menu Options, page 2 Customizing the GUI and CLI Banners, page 3 REST API, page 3
More informationAPI Security Management SENTINET
API Security Management SENTINET Overview 1 Contents Introduction... 2 Security Models... 2 Authentication... 2 Authorization... 3 Security Mediation and Translation... 5 Bidirectional Security Management...
More informationBuilding the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017
Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationApigee Edge Developer Training
Training Training DURATION: 4 or 5 days FORMAT: Instructor-led with labs DELIVERY: Public or Private class PREREQUISITES: None HOW IT WORKS: Days 1 4 cover the fundamentals of developing and securing s
More informationvcloud Director User's Guide
vcloud Director 8.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationIntegrating with ClearPass HTTP APIs
Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,
More informationUsing Development Tools to Examine Webpages
Chapter 9 Using Development Tools to Examine Webpages Skills you will learn: For this tutorial, we will use the developer tools in Firefox. However, these are quite similar to the developer tools found
More informationBIG-IP Access Policy Manager : Portal Access. Version 13.0
BIG-IP Access Policy Manager : Portal Access Version 13.0 Table of Contents Table of Contents Overview of Portal Access...7 Overview: What is portal access?...7 About portal access configuration elements...
More informationSalesforce IoT REST API Getting Started Guide
Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationOracle Transportation Management. REST API Getting Started Guide Release Part No. E
Oracle Transportation Management REST API Getting Started Guide Release 6.4.2 Part No. E83559-02 August 2017 Oracle Transportation Management REST API Getting Started Guide, Release 6.4.2 Part No. E83559-02
More informationConfiguring SIP Registration Proxy on Cisco UBE
The Support for SIP Registration Proxy on Cisco UBE feature provides support for sending outbound registrations from Cisco Unified Border Element (UBE) based on incoming registrations. This feature enables
More informationChapter 10 Web-based Information Systems
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 10 Web-based Information Systems Role of the WWW for IS Initial
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationSiebel REST API Guide. Siebel Innovation Pack 2017, Rev. A November 2017
Siebel REST API Guide Siebel Innovation Pack 2017, Rev. A November 2017 Copyright 2005, 2017 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under
More informationHealthcare Database Connector
Healthcare Database Connector Installation and Setup Guide Version: 1.0.x Written by: Product Knowledge, R&D Date: September 2016 2015 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationFIREFLY ARCHITECTURE: CO-BROWSING AT SCALE FOR THE ENTERPRISE
FIREFLY ARCHITECTURE: CO-BROWSING AT SCALE FOR THE ENTERPRISE Table of Contents Introduction... 2 Architecture Overview... 2 Supported Browser Versions and Technologies... 3 Firewalls and Login Sessions...
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationSIP System Features. SIP Timer Values. Rules for Configuring the SIP Timers CHAPTER
CHAPTER 4 Revised: October 30, 2012, This chapter describes features that apply to all SIP system operations. It includes the following topics: SIP Timer Values, page 4-1 Limitations on Number of URLs,
More informationReportPlus Embedded Web SDK Guide
ReportPlus Embedded Web SDK Guide ReportPlus Web Embedding Guide 1.4 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS REPRESENTATIONS OF WARRANTIES. IN ADDITION,
More informationvcloud Director User's Guide
vcloud Director 5.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationAT&T Developer Best Practices Guide
Version 1.2 June 6, 2018 Developer Delivery Team (DDT) Legal Disclaimer This document and the information contained herein (collectively, the "Information") is provided to you (both the individual receiving
More informationWeb Applications. Software Engineering 2017 Alessio Gambi - Saarland University
Web Applications Software Engineering 2017 Alessio Gambi - Saarland University Based on the work of Cesare Pautasso, Christoph Dorn, Andrea Arcuri, and others ReCap Software Architecture A software system
More informationBlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide
BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,
More informationHealthcare Database Connector
Healthcare Database Connector Installation and Setup Guide Version: 3.1.1 Written by: Product Knowledge, R&D Date: May 2018 2008-2018 Hyland Software, Inc. and its affiliates. Table of Contents What is
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationAPI Best Practices. Managing APIs holistically across the enterprise
API Best Practices Managing APIs holistically across the enterprise APIs are critical to evolving application architectures Public clouds Microservices Distributed apps μservice μservice μservice μservice
More informationCoding Intro to APIs and REST
DEVNET-3607 Coding 1001 - Intro to APIs and REST Matthew DeNapoli DevNet Developer Evangelist Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationArcGIS Installation Guide
ArcGIS 10.4.1 Installation Guide ArcGIS for Desktop ArcGIS for Server Portal for ArcGIS ArcGIS for Desktop Installation ArcGIS for Desktop is available as Basic, Standard, or Advanced and all the downloads
More informationUsing OAuth 2.0 to Access ionbiz APIs
Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and
More informationOAuth 2 and Native Apps
OAuth 2 and Native Apps Flows While all OAuth 2 flows can be used by native apps, only the user delegation flows will be considered in this document: Web Server, User-Agent and Device flows. The Web Server
More informationUnderstanding RESTful APIs and documenting them with Swagger. Presented by: Tanya Perelmuter Date: 06/18/2018
Understanding RESTful APIs and documenting them with Swagger Presented by: Tanya Perelmuter Date: 06/18/2018 1 Part 1 Understanding RESTful APIs API types and definitions REST architecture and RESTful
More informationDell One Identity Cloud Access Manager 8.0. Overview
Dell One Identity Cloud Access Manager 8.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under
More informationAsema IoT Central Integration and migration. English
Asema IoT Central English Table of Contents 1. Introduction... 1 2. alternatives... 2 2.1. Simply move and run... 2 2.2. Asema IoT Central as a proxy for other systems... 5 2.2.1. Proxied HTTP requests...
More informationAzure Logic Apps. The big picture. API Apps, Logic Apps & API Management
Azure Logic Apps The big picture API Apps, Logic Apps & API Management Hyper-scale Agility Insight RICH EXPERIENCES BREADTH OF DEVICES { } One integrated offering WEB APPS Web apps that scale with your
More informationForescout. eyeextend for ServiceNow. Configuration Guide. Version 2.0
Forescout Version 2.0 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationStorageGRID Webscale NAS Bridge Management API Guide
StorageGRID Webscale NAS Bridge 2.0.3 Management API Guide January 2018 215-12414_B0 doccomments@netapp.com Table of Contents 3 Contents Understanding the NAS Bridge management API... 4 RESTful web services
More informationHealthcare Database Connector
Healthcare Database Connector Installation and Setup Guide Version: 3.0.0 Written by: Product Knowledge, R&D Date: February 2017 2015-2017 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark
More informationPolicy Settings for Windows Server 2003 (including SP1) and Windows XP (including SP2)
Web 2 Policy Settings for (including SP1) and XP (including SP2) This document was written by Conan Kezema. and XP together introduce more than 270 new administrative template policy settings for you to
More informationLEARN HOW TO USE CA PPM REST API in 2 Minutes!
LEARN HOW TO USE CA PPM REST API in 2 Minutes! WANT TO LEARN MORE ABOUT CA PPM REST API? If you are excited about the updates to the REST API in CA PPM V14.4 and would like to explore some of the REST
More informationBrowser behavior can be quite complex, using more HTTP features than the basic exchange, this trace will show us how much gets transferred.
Lab Exercise HTTP Objective HTTP (HyperText Transfer Protocol) is the main protocol underlying the Web. HTTP functions as a request response protocol in the client server computing model. A web browser,
More informationWeb 2.0 and Security
Web 2.0 and Security Web 2.0 and Security 1. What is Web 2.0? On the client: Scripting the XMLHttpRequest object On the server: REST Web Services Mash-ups ups of Web Services used together to create novel
More informationNeat tricks to bypass CSRF-protection. Mikhail
Neat tricks to bypass CSRF-protection Mikhail Egorov @0ang3el About me AppSec Engineer @ Ingram Micro Cloud Bug hunter & Security researcher Conference speaker https://www.slideshare.net/0ang3el @0ang3el
More informationParticipant Handbook
Participant Handbook Table of Contents 1. Create a Mobile application using the Azure App Services (Mobile App). a. Introduction to Mobile App, documentation and learning materials. b. Steps for creating
More informationIBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3.1 April 07, Integration Guide IBM
IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3.1 April 07, 2017 Integration Guide IBM Note Before using this information and the product it supports, read the information
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationForeScout Extended Module for MobileIron
Version 1.8 Table of Contents About MobileIron Integration... 4 Additional MobileIron Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...
More informationWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger Ada Stéphane Carrez FOSDEM 2018 OpenAPI and Swagger Ada Introduction to OpenAPI and Swagger Writing a REST Ada client Writing a REST Ada server Handling security
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationIl Mainframe e il paradigma dell enterprise mobility. Carlo Ferrarini zsystems Hybrid Cloud
Il Mainframe e il paradigma dell enterprise mobility Carlo Ferrarini carlo_ferrarini@it.ibm.com zsystems Hybrid Cloud Agenda Exposing enterprise assets in the API Economy Era Deliver natural APIs from
More informationSIP System Features. SIP Timer Values. Rules for Configuring the SIP Timers CHAPTER
CHAPTER 4 Revised: March 24, 2011, This chapter describes features that apply to all SIP system operations. It includes the following topics: SIP Timer Values, page 4-1 SIP Session Timers, page 4-7 Limitations
More informationWeChat Adobe Campaign Integration - User Guide
WeChat Adobe Campaign Integration - User Guide Table of Contents 1. Verticurl App Account Creation... 1 2. Configuration Setup in Verticurl App... 2 3. Configure QR Code Service... 3 3.1 QR code service
More informationServerless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect
Serverless Architecture Hochskalierbare Anwendungen ohne Server Sascha Möllering, Solutions Architect Agenda Serverless Architecture AWS Lambda Amazon API Gateway Amazon DynamoDB Amazon S3 Serverless Framework
More informationCoveo Platform 6.5. Microsoft SharePoint Connector Guide
Coveo Platform 6.5 Microsoft SharePoint Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationLegal notices. Legal notices. For legal notices, see
Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents ColdFusion API Manager Overview......................................................................................1
More informationMindAccess DevOps Plan Product Sheet
MindAccess DevOps Plan Product Sheet MindAccess DevOps Plan consists of: MindAccess Developer Plan provides you with an Account to your own Resources on MindSphere to develop and test your applications.
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationAdvOSS AAA: Architecture, Call flows and implementing emerging business use cases
AdvOSS AAA: Architecture, Call flows and implementing emerging business use cases An AdvOSS White Paper Latest version of this white paper can always be found at http://advoss.com/resources/whitepapers/advoss-aaa-workflows.pdf
More informationPROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent
More informationGoogle GCP-Solution Architects Exam
Volume: 90 Questions Question: 1 Regarding memcache which of the options is an ideal use case? A. Caching data that isn't accessed often B. Caching data that is written more than it's read C. Caching important
More informationMicroservices without the Servers: AWS Lambda in Action
Microservices without the Servers: AWS Lambda in Action Dr. Tim Wagner, General Manager AWS Lambda August 19, 2015 Seattle, WA 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Two
More informationTHOMSON REUTERS TICK HISTORY RELEASE 12.1 BEST PRACTICES AND LIMITS DOCUMENT VERSION 1.0
THOMSON REUTERS TICK HISTORY RELEASE 12.1 BEST PRACTICES AND LIMITS DOCUMENT VERSION 1.0 Issued July 2018 Thomson Reuters 2018. All Rights Reserved. Thomson Reuters disclaims any and all liability arising
More informationHighwinds CDN Content Protection Products. August 2009
Highwinds CDN Content Protection Products August 2009 1 Highwinds CDN Content Protection Products August 2009 Table of Contents CDN SECURITY INTRO... 3 CONTENT PROTECTION BY CDN DELIVERY PRODUCT... 3 HTTP
More information