In our February 2020 TechTalk, hosts Bill and Aran were joined by Michael Skolik, Managing Consultant and Architect, Enterprise Studio by HCL Technologies. He described the steps necessary to achieve a high-performance architecture when using Docker, with an excellent Q&A at the end. Definitely worth watching!
Category: API Design
How-to: OpenID Connect Authentication for OAuth
As we know by now, the OAuth 2.0 protocol was built for authorization, not authentication. It excels at delegated authorization. Log in with Google? Sure. The OAuth protected API endpoint never sees your Google username and password. It doesn’t need to know who you are. In fact, like a discreet bouncer at an exclusive club,…
How-to: OAuth and SAML – A Love Story for Valentine’s Day
Naturally, OAuth 2.0 is the shining star of the OAuth Toolkit (OTK), the prima donna that performs center stage in Layer7’s API security implementation. But waiting in the wings with a bouquet of slightly wilted flowers is an older standard who once shone just as brightly before all those mobile apps came along. His name…
How To: Validate Your OAuth Implementation
Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that you’ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, it’s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager. You can access…
How To: OTK Solution Kit Installation
This is the second post in the blog series focusing on the OAuth Toolkit (OTK). The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security…
How-To: OAuth Overview
Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth…
The benefits of JWT + JWS + JWE on API Designs
In this post I cover some good reasons to adopt JWT (JSON Web Token), JWS (JSON Web Signature), and JWE (JSON Web Encryption) in your API designs. JWTs are a modern solution to an old problem: how do I know who this user is? They help us by being signed and stateless, and by having…
How to Use Policy to Retrieve a Portal API OAuth Token
An API Gateway can be a fast, easy way to manage entities in an API Portal. The Portal API (PAPI) provides entry-points to perform tasks such as onboard users, manage APIs that are protected by the gateway runtime, manage and update API versions and documentation, and administer API Management items such as application definitions, organizations,…
Denial of Service Attacks on The Rise!
Current industry reports for 2019 regarding Distributed Denial of Service (DDoS) attacks indicate a 776% increase for loads between 100 Gbps and 400 Gbps*. As the demand rises for companies to expose more APIs to the public, it becomes much more important to be able to quickly respond to cybercrime threats and changing tactics. We…
Enriching and Externalizing Gateway Metrics to Splunk
Overview: Gateway metrics are a critical piece of intel to determine the health of Services and traffic throughput on an API Gateway. Using Layer7 API Management as an example, there are a few ways we can obtain this information: Policy Manager: Dashboard, PAPIM (Precision API Monitoring), sending this information to a monitoring solution via Gateway…