In this video, learn how you can harden your SnapLogic APIs to enterprise security standards with OAuth 2.0.
Hi! With SnapLogic API Management, a solution we launched in a previous product release, organizations can effectively use APIs to build a digital ecosystem. You can share APIs created via the SnapLogic Intelligent Integration Platform with API consumers who may be internal or external to your organization. And, in the context of API sharing, it is imperative that API Managers are able to secure and control access to SnapLogic APIs through industry-recognized standards such as OAuth2. As part of the 4.17 release, customers leveraging SnapLogic API Management can now secure their APIs through OAuth2 authentication. SnapLogic’s OAuth2 implementation focuses on three key personas:
The API Consumer – or the end user of the API. The API Manager – or the SnapLogic user with credentials to develop and publish APIs and proxies to the API Gateway. And, the Client Application Developer – or the person who develops third-party applications.
In this video, we will demonstrate the necessary steps to apply the OAuth2 API policy before publishing the Proxy onto the API Management layer. To get this set up, navigate to the SnapLogic Manager UI and drill down into the project that needs to be managed through the API Management layer. Switch to the “Proxies” tab and initiate the “New Proxy Creation” wizard.
First, assign a unique name to the proxy. Next, select the tasks or APIs that need to be added to this proxy. Next, choose the policies that need to be applied to this proxy. For this demo, I will select the “OAuth 2” and CORS policies in addition to the Basic Authentication policy. Next, review the selections that have been made so far and, if everything looks good, go ahead with the deployment of the proxy onto the API Management layer.
Once the proxy is deployed, go back to the SnapLogic Manager UI and drill down into the proxy. Now, switch to the “OAuth Apps” tab to create a new OAuth2 application. To create a new OAuth2 application, provide:
A unique name. A redirect URI for the application. And, a list of API consumer users that are tied to this application.
Once you click on the ‘Create’ button, a new OAuth2 application is created.
Next, register the application to a particular proxy. For this demo, we will demonstrate the OAuth 2 authentication flow using the SnapLogic REST OAuth2 account.
To create a new ‘REST OAuth 2 Account’ account, pass values associated with a particular API that exists within the Proxy. Pass the client-id and the client-secret for the OAuth 2 application that was just created. Next, pass the ‘Authentication Endpoint URL’ and ‘Token Endpoint URL’ that are associated with a given API. After that, pass the authentication endpoint configurations. The first authentication parameter is the ‘proxy url’, while the second one is the ‘Scope’. Once you put in all values, click “Authorize.”
The application authorizes the account after authenticating the API consumer. The authorize page represents the login page of a client application where the API consumer authenticates. Upon successful authentication, the API Manager has the option to “Allow” or “Deny” access to the OAuth application that is attempting to access the API on behalf of an authenticated API Consumer. The API Manager generally grants access while working with trusted OAuth2 applications. As a part of this flow, the API management layer receives the Access token, the Refresh token, and the Access token expiration time stamp for the client application.
As a last step, we have developed a pipeline in SnapLogic that references the new ‘REST OAuth2 account’, which serves as the OAuth2 application for the purpose of this demo. The API that I am using to demonstrate the OAuth2 flow is a POST-based API. So, I will use the Rest POST snap to invoke the API and pass a JSON payload to the API. Successful pipeline execution indicates that both the API invocation and execution were successful. We can look at the statusCode of the API execution to confirm that it was successful.
Thank you for watching this video. If you would like to know more about SnapLogic API Management, please visit SnapLogic.com.