As we know by now, the OAuth 2.0 protocol was built for authorization, not authentication. It excels at delegated authorization. Log in with Google? Sure. The OAuth protected API endpoint never sees your Google username and password. It doesn’t need to know who you are. In fact, like a discreet bouncer at an exclusive club, it prefers not…
Category: All API & Microservices Content
Secure your GraphQL Implementation with an API Gateway
Do APIs, not security in your GraphQL I can’t remember the last time I was excited about a new technology like I am with GraphQL. I don’t think there is anything I don’t like about it- at least not yet! I have not been leveraging it every day as my job so keep that in mind, however I…
How-to: OAuth and SAML – A Love Story for Valentine’s Day
Naturally, OAuth 2.0 is the shining star of the OAuth Toolkit (OTK), the prima donna that performs center stage in Layer7’s API security implementation. But waiting in the wings with a bouquet of slightly wilted flowers is an older standard who once shone just as brightly before all those mobile apps came along. His name is SAML. SAML…
How To: Validate Your OAuth Implementation
Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that you’ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, it’s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager.You can access the OAuth test…
Next TechTalk Session is April 29
API Academy TechTalks are back! Join hosts Aran White and Bill Oakes for the reboot of our popular live webinar series, where we discuss both industry trends and technical tips – and host a Q&A session with viewers, every month. Register for upcoming episodes to participate in our live webcasts, or watch previous instalments on-demand. Upcoming Sessions Past…
How To: OTK Solution Kit Installation
This is the second post in the blog series focusing on the OAuth Toolkit (OTK) kit. The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security for API endpoints. The…
Using Consul as a Source of Truth in Microservices
App Economy and Microservices In today’s app economy, APIs are playing an essential role in helping customers to achieve their digital transformation goals. In this process, enterprises are trying to convert their monolithic applications into more granular and autonomous microservices to support their business objective and also speed to market. Consul as Source of Truth In a microservices…
How-To: OAuth Overview
Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth 2.0 (authorization) and…
TechTalk: Building API-Aware Service Meshes
In our first TechTalk of 2020, hosts Bill and Aran introduce Jay Thorne, Head of Product Strategy at Broadcom’s Layer7 API Management. He talks about Building API-aware Service Meshes with Layer7 and Istio, and includes a demo plus a comprehensive Q&A session.
The benefits of JWT + JWS + JWE on API Designs
In this post I cover some good reasons to adopt JWT (JSON Web Token), JWS (JSON Web Sign), and JWE (JSON Web Encryption) in your API Designs. JWTs are a modern solution to an old problem: how to I know who this user is? They help us by being signed and stateless, and by having a common data…