Youâ€™ve spent months building a GraphQL API. The schema is just right, and your front-end developers are thrilled with it. At first itâ€™s only exposed internally, so youâ€™re not that worried about security, but then as different clients find out that you have this awesome API out there, they want to start using it as […]
Hosts Aran and Bill were joined by Aric Day, Layer7 Solution Strategist, for an introduction to OAuth and OpenID Connect, and how these work together to ensure a hardened solution.
GraphQL is undeniably gaining traction in the Enterprise. TechTalk hosts Bill and Aran were joined by Broadcom Technology Partner Arvata for an introduction to GraphQL and an exciting unveiling of Arvataâ€™s innovation that enables gateways to function as an Enterprise GraphQL server and GraphQL proxy. Arvata demonstrated how easy it is to use their GraphQL […]
Feel free to jot this down: RFC7519. We all have our favourite IETF standards, donâ€™t we?Â Something we read again and again in front of the roaring fireplace with our slippers on. Something to chuckle at in darker times, to ponder over, and oh yes, to shed a tear for, whilst contemplating the sheer brilliance […]
In our February 2020 TechTalk, hosts Bill and Aran were joined by Michael Skolik, managing Consultant and Architect, Enterprise Studio by HCL Technologies. He described the steps necessary to achieve a high-performance architecture when using Docker, with an excellent Q&A at the end. Definitely worth watching!
As we know by now, the OAuth 2.0 protocol was built for authorization, not authentication. It excels at delegated authorization. Log in with Google? Sure. The OAuth protected API endpoint never sees your Google username and password. It doesnâ€™t need to know who you are. In fact, like a discreet bouncer at an exclusive club, […]
Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that youâ€™ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, itâ€™s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager.You can access […]
This is the second post in the blog series focusing on the OAuth Toolkit (OTK) kit. The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security […]
Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth […]