Layer7 API Management

  • Private Community
  Thread closed by the administrator, not accepting new replies.

  • 1.  OAuth and Gateway scenario

    Posted Mar 08, 2019 05:20 PM
    No replies, thread closed.

    I am new to CA API Gateway and OTK tool kit. I have gateway 9.2 and OTK 4.1 installed. Our developers have developed a REST API that returns confidential data using API tool. As an administrator to CA Gateway, I need to publish it on gateway and secure it. Our ISO's direction is to use MFA to secure it. I am planning to use OAuth 2.0 to secure it along with HTTP Basic credentials from identity provider.

    1. Does it make 2 factor?

    2. Does somebody have a sample or template on how should I publish this on Gateway using OAuth. 

    3. This API will be consumed by external partners so I will have to open it on internet. but I would like to secure it so it is not compromised. Is there any template anybody has for this kind of scenario?

    4. Should I use Client Credential grant flow for this scenario as this will be a machine-to-machine communication but from out side firewall?

    5. I do not want external partner to hit our OAuth server again and again for the same request. how can I achieve that?



  • 2.  Re: OAuth and Gateway scenario

    Broadcom Employee
    Posted Mar 08, 2019 06:23 PM
    No replies, thread closed.

    Good afternoon,

     

    MFA is anytime multiple methods of authentication are used to authenticate a user. We have a 7 part series that outlines how to secure an API using OTK just ignore the additional pieces for Mobile in the video series.

     

    Building an API - Part 1
    https://youtu.be/BJCxSraixtg
    Building an API - Part 2
    http://youtube.com/watch?v=0DX95BIAYw4
    Building an API - Part 3
    http://youtube.com/watch?v=-r4H6vsugFk
    Building an API - Part 4
    http://youtube.com/watch?v=RIVbFyarPSs
    Building an API - Part 5
    http://youtube.com/watch?v=vxk7_-RFAxo
    Building an API - Part 6
    http://youtube.com/watch?v=pOuJPnp4zOk
    Building an API - Part 7
    http://youtube.com/watch?v=xLYBm0qiBZ4

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support



  • 3.  RE: Re: OAuth and Gateway scenario

    Posted Nov 02, 2021 04:24 AM
    No replies, thread closed.
    Will these videos be made public?
    Original Message


  • 4.  RE: Re: OAuth and Gateway scenario

    Broadcom Employee
    Posted Nov 03, 2021 12:43 PM
    No replies, thread closed.
    These are no longer available and are quite dated. We are in the process of building out training video content on the IMS Academy Site located here: https://imsacademy.broadcom.com/ 

    There are a number of videos for Layer7 already and we are continuing to add more over time.
    Original Message


  • 5.  RE: Re: OAuth and Gateway scenario

    Posted Nov 04, 2021 09:54 AM
    No replies, thread closed.
    Hello,

    I am looking for info about API LIVE CREATOR. Is it deprecated?

    Thanks a lot.

    Sin más que agregar / No more to add.

    ¡Saludos! / Regards!






    Original Message


  • 6.  RE: Re: OAuth and Gateway scenario

    Broadcom Employee
    Posted Nov 04, 2021 10:03 AM
    No replies, thread closed.
    This is off topic for this thread, but you can find the Live API Creator End of Life date on the support site here: https://support.broadcom.com/external/content/release-announcements/CA-Live-API-Creator-Release-and-Support-Lifecycle-Dates/5252
    Original Message