Using API Key in the RESTStub microservice
API Keys can be used instead of a username to identify the user for a request. Fiorano RestStub first checks for the query parameter "APIKey"; if it is not found, it checks for the header parameter "APIKey". It then validates that the user has permission to invoke that particular service.
The example below illustrates the use of this functionality.
- Create an Event Process and add a RestStub microservice. In the wizard (1 of 3) panel of RestStub's CPS, provide a value for the Service Name property (e.g., 'Sample') and click Next.
- Click the Additional Configuration tab and enable the Use API Keys property.
  This enables API security. When this security is enabled, RESTStub expects a query parameter "APIKey" whose value is the user's key.
- Click Next and click Finish to save the configuration.
- Launch the event process after checking resources and connectivity.
- Log on to the Dashboard and navigate to ENDPOINTS > REST services and click the Security tab.
- Add an API by clicking the Add button. Provide the Username and Context (the Service Name used in RestStub) and click Add user.
- The user is added to the list. Copy the API Key and save it for use in a later step.
- Right-click the RestStub component and click the Copy WADL URL option.
- Create another Event Process with Feeder > RestConsumer > Display.
- Open the CPS of the RestConsumer microservice, enable the Load WADL property, select the From URL option and paste the WADL URL that was copied earlier (step 8) into the text box. Click the Load WADL button.
- In the Configuration panel under the Create/Edit WADL section, go to the GET option. In the Parameters tab, add a parameter with a Name (e.g., APIKey) and ID, and finish the configuration.
- Click Next and Back to see the parameter name updated.
- Configure the Feeder microservice by connecting it to RestConsumer and fetching the schema from the RestConsumer input port. Copy the API Key from the Dashboard (created in step 10) and provide this value for the element 'APIKey' in the Feeder input. Below is a sample input:
Sample Input

```xml
<ns1:Request xmlns:ns1="http://www.fiorano.com/services/rest">
   <ResourceParameters>
      <resource/>
   </ResourceParameters>
   <RequestParameters>
      <APIKey>MjU3NzQ3NDI1MTM0NzY5</APIKey>
   </RequestParameters>
   <Parameters>
      <Parameter name="name" style="style">string</Parameter>
   </Parameters>
</ns1:Request>
```
- Launch the event process and send the input from Feeder.
- Check for API validation in the output. If the provided APIKey is correct, the output looks like this:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<ns1:Responses xmlns:ns1="http://www.fiorano.com/services/rest">
   <Response Status="200">
      <ResponseParameters>
         <Transfer-Encoding>chunked</Transfer-Encoding>
         <Content-Type>text/html</Content-Type>
         <Server>Jetty(6.1.25)</Server>
      </ResponseParameters>
      <Representations>
         <Representation MediaType="text/html">
            <Element>
               <?xml version="1.0" encoding="UTF-8"?>
               <ns3:Responses xmlns:ns3="http://www.fiorano.com/services/rest" xmlns:ns1="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                  <Response>
                     <Representations>
                        <Representation>
                           <Element>APIKey</Element>
                        </Representation>
                     </Representations>
                  </Response>
               </ns3:Responses>
            </Element>
         </Representation>
      </Representations>
   </Response>
</ns1:Responses>
```
If the provided APIKey is incorrect, the output displays 'APIKey is not valid'. Below is the output when an incorrect APIKey is provided in the input:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<ns1:Responses xmlns:ns1="http://www.fiorano.com/services/rest">
   <Response Status="403">
      <ResponseParameters>
         <Transfer-Encoding>chunked</Transfer-Encoding>
         <Content-Type>text/html</Content-Type>
         <Server>Jetty(6.1.25)</Server>
      </ResponseParameters>
      <Representations>
         <Representation MediaType="text/html">
            <Element>APIKey is not valid</Element>
         </Representation>
      </Representations>
   </Response>
</ns1:Responses>
```
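A client-side sketch of the procedure above, added here as an example and not Fiorano code: it carries the key in the "APIKey" header rather than the URL, masks the key before a request is logged, and recognises the 403 rejection in RestConsumer output. The endpoint URL and the function names are assumptions; the key and XML are this page's sample values, with the XML abridged.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

def build_call(base_url, api_key, params=None, use_header=True):
    """Return (url, headers) for a GET to a RESTStub service."""
    # RESTStub accepts "APIKey" as a query parameter or, failing that, as a
    # header. The header form keeps the key out of URLs and access logs.
    query, headers = dict(params or {}), {}
    if use_header:
        headers["APIKey"] = api_key
    else:
        query["APIKey"] = api_key
    url = base_url + ("?" + urlencode(query) if query else "")
    return url, headers

def redact_request(request_xml):
    """Mask the <APIKey> value of a RestConsumer request before logging it."""
    return re.sub(r"(<APIKey>)[^<]*(</APIKey>)", r"\1[REDACTED]\2", request_xml)

def key_rejected(output_xml):
    """True if RestConsumer output carries the 403 'APIKey is not valid' result."""
    root = ET.fromstring(output_xml.strip())
    return any(
        resp.get("Status") == "403" and "APIKey is not valid" in "".join(resp.itertext())
        for resp in root.iter("Response")
    )

# Placeholder endpoint (assumption); key and XML are the sample values from this page.
BASE_URL = "http://resthost.example/Sample"
SAMPLE_KEY = "MjU3NzQ3NDI1MTM0NzY5"
SAMPLE_REQUEST = (
    '<ns1:Request xmlns:ns1="http://www.fiorano.com/services/rest">'
    "<RequestParameters><APIKey>" + SAMPLE_KEY + "</APIKey></RequestParameters>"
    "</ns1:Request>"
)
REJECTED_OUTPUT = """<?xml version="1.0" encoding="UTF-8"?>
<ns1:Responses xmlns:ns1="http://www.fiorano.com/services/rest">
  <Response Status="403">
    <Representations><Representation MediaType="text/html">
      <Element>APIKey is not valid</Element>
    </Representation></Representations>
  </Response>
</ns1:Responses>"""

if __name__ == "__main__":
    print(build_call(BASE_URL, SAMPLE_KEY, {"name": "string"})[0])  # URL without the key
    print(redact_request(SAMPLE_REQUEST))
    print(key_rejected(REJECTED_OUTPUT))
```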