IP restricted API calling in C# not using IPV4 - api

I am integrating third-party APIs with my client's project. These APIs are IP restricted and I have whitelisted my IP, but it is still saying unauthorized because the API call from the system is using something like 2400:adc5:141:ee00:1138:e001:16ac:2ed instead of my public IP. What are the possible reasons for this?
Any help will be greatly appreciated.
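
An added example, not part of the original post: the address quoted in the question is an IPv6 address, which is what the remote API sees when a dual-stack machine connects over IPv6, so an allowlist entry for the IPv4 address alone does not match. One way to force IPv4 from C#, assuming .NET 6 or later (the class name `Ipv4OnlyHttp` is hypothetical); the other option is to have the provider allowlist the IPv6 address as well.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;

static class Ipv4OnlyHttp
{
    // Returns an HttpClient whose outbound connections use IPv4 only, so the
    // remote API sees the allowlisted IPv4 address rather than the host's IPv6 one.
    // Usage: using var client = Ipv4OnlyHttp.Create(); then call client.GetAsync(...).
    public static HttpClient Create()
    {
        var handler = new SocketsHttpHandler
        {
            ConnectCallback = async (context, cancellationToken) =>
            {
                string host = context.DnsEndPoint.Host;

                // Resolve A records only (AddressFamily.InterNetwork = IPv4).
                IPAddress[] addresses = await Dns.GetHostAddressesAsync(
                    host, AddressFamily.InterNetwork, cancellationToken);
                if (addresses.Length == 0)
                    throw new HttpRequestException($"No IPv4 address found for {host}");

                // An IPv4 socket cannot fall back to IPv6, even on a dual-stack host.
                var socket = new Socket(
                    AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
                {
                    NoDelay = true
                };
                try
                {
                    await socket.ConnectAsync(
                        addresses, context.DnsEndPoint.Port, cancellationToken);
                    // TLS for https:// URLs is still layered on top by the handler.
                    return new NetworkStream(socket, ownsSocket: true);
                }
                catch
                {
                    socket.Dispose();
                    throw;
                }
            }
        };
        return new HttpClient(handler);
    }
}
```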

Related

Set up openid-connect infrastructure

I am pretty new to Authorization/Authentication with openid connect. I guess I lack some basic understanding on how to set up a proper backend infrastructure.
There's a keycloak server running through which I want to authorize/authenticate my customers.
The user logs in with his company credentials and then should be authorized/authenticated against our backend service, which provides a REST-API.
So our part is to implement the backend service and use openid connect as authorization/authentication.
Could you tell me what components/software needs to be implemented on our side?
Often the Authorization Server is an external cloud system that your UIs and APIs just point to, with URLs equivalent to this:
https://api.mycompany.com/myapi
https://web.mycompany.app/myapp
https://login.mycompany.com
Not sure if this quite matches your setup but typically you provide some or all of these domains:
API
Web Hosting
Authorization Server (Keycloak)
My personal preference is to use Local Developer PC Domains to match the above. If it helps you might just be able to repoint my Open Id Connect Code Sample to your infra once configured, in order to verify that it works.

Do I need an API Gateway

I have an application that has a couple of features that I would like third-party businesses to avail of. For example, the user information gets passed to us and we run ID checks and send back a token with information.
I think I can use a third party API management service like 3scale but what do I have to do on my end to 'expose' this API?
Thanks!
With AWS API Gateway, you can set up a simple HTTP proxy to your application. Based on your needs, you can use features like auth, throttling, API key management, client certificates etc.
Here is a blog explaining some of this.
Hope this helps, Ritisha.
As mentioned by Ritisha, API Gateway definitely can work, but it is sort of lock-in.
I would recommend checking https://tyk.io/, which is an open source Gateway with commercial options. For example, it provides you a Cloud version, where you do not need to expose any ports on your side at all. You just configure your API in the dashboard and can just bind your CNAME record to the proxied API. This should work really well to try it out. And if you outgrow this option, you can host it on your own, or use a Hybrid environment, where all user requests come to your own server (no 3rd parties), but on the other hand, you have a nice configuration dashboard in the cloud.
Hope it helps!

Is there anyone who can help me about CKAN authorization?

I am a Java developer and my customer wants to make a web application using CKAN.
But he wants many functions beyond what CKAN offers, or that do not correspond with CKAN's architecture.
So I decided to write a Java program which has the functions that the customer wants and calls CKAN's RESTful API using Apache HttpComponents.
But I encountered an authorization issue.
Because my To-Be system will work without logging in to CKAN, I have to know the user's API-KEY when I call some APIs that need authorization.
But I can't get the API-KEY unless I log in to the CKAN site (right?) and I think that getting someone's API-KEY another way is nonsense.
If you don't think so, could you tell me how to get a user's API-KEY?
I also considered another way: making all objects that need authorization public.
But some APIs send an authorization error when I don't put the API-KEY in the HTTP header, whether the object I intend to handle is public or private.
Because of these reasons, development is being delayed.
Could you give me some advice?
The only way to get a user's API key is for the user herself to log in to the CKAN web interface and go to their profile page.
If you're writing an API client, the way a client would normally work is to ask the user to enter their username and API key, either in a configuration file or into a GUI.

OAuth on a webapp behind a firewall -- is it possible?

I'm trying to construct a webapp to add events to an employee's google calendar and would like to use OAuth for authentication.
However, my webapp is forced to be on an intranet behind a firewall; the server has outbound internet access, but blocks in-bound access if you aren't on the intranet or VPNing into the intranet.
I'm reading up on OAuth, but can't figure out if part of the authentication-handshaking process would be blocked by my firewall. (And I'd like to know if it's possible before spending time to implement if it isn't possible; and know so if I run into errors I can debug them).
To expand on planetjones's answer, as long as Google can resolve the DNS for your application URL, oauth2 should work behind a firewall. We had some issues getting oauth2 working behind our firewall because we were trying to use a non fully qualified domain name.
OAuth should work just fine over HTTP, using POSTs and GETs and if your client can set the Authorization header. The client should create all the requests and as long as it follows redirects this should be ok - there's never (to my knowledge) a case where an external server initiates an inbound connection.
For added confidence try OAuth with an existing third party service from behind your firewall to be sure. This looks like a good starting point and this is the definitive guide for following the flows of an OAuth call.

How to connect with an Axis webservice hosted in a password protected realm?

I'm trying to connect with a webservice that's in a password protected host, i.e. you must enter user+pass to access the remote WSDL.
The key word there is "trying", I have a client made by WSDL2JAVA that works ok if the service is unprotected, but I can't find how to add the login to that code.
To clarify, it's not the webservice that demands authentication, but the site itself. I'm testing with a secured realm in a Tomcat server, but I'm looking for a platform independent solution.
Has anybody been able to do this?
I've found a solution:
First create an HttpClient object and authenticate it, as explained here. Then without closing that connection, connect with the webservice as usual.
And that's it. I'm not sure why that works, I think that the Java process saves the connection cookie or something like that.