For more information, see the Axway Amplify Fusion documentation, https://docs.axway.com/bundle/amplify...
This demo features the method security override functionality of Amplify Fusion. It can be useful if you want to expose a specific API call method without requiring a user to authorize, for example, for publicly available, non-sensitive information searches.
In this video, you'll learn how to:
🔧 Set up the method security override in Amplify Fusion
📋 Check if a method has security overrides that are different from global security settings
🔓 Test your authorization requirements to see if a chosen method no longer requires authorization
Full transcript:
Hi. In this video, we're going to take a look at Axway Amplify Fusion’s API method override feature where I’m proxying an API or implementing an API, and I've applied security to that API, either API key, or OAuth, or other. And I would like to override the security of one or more of the methods in that API. So I have the different security scheme for certain methods in the API. So this is going to be a continuation of the Hello API proxy with API key security demo that we did before. So if you haven't seen that video, go take a look at it. But I’ve basically taken the pet store API swagger, imported it, and I am implementing a proxy on that. So I'll present this front end and this API key security and those calls will be a proxy to the backend if a proper API key is presented. So this API is running. And if I come here, let's take a look at the... what is this? This is the pet, find pet by status. So if I call that, you can see the response. And if you're wondering about that 500, that's actually coming from the direct PetStore API, they're having some sort of problem today and they're occasionally returning 500. So that's why when we proxy to that backend, we're going to see that 500 occasionally. Okay. And if I turn off the authorization, if I make it No Auth, and make my call, I'm going to get a 401 Unauthorized because we're implementing API key security as per our last video. And then I'll show you another method here. This is the Find Pet By Tags, and it's being proxied. And it is also using this API key authentication with this header. So now we should be caught up from the last video. And what I'd like to do is let me deactivate the API. And so these were the two methods that I demonstrated for you. And they're both secured by API key because that's the security for the entire API. But if I come down here to overrides, let's say I would like to remove the authentication for FindByStatus. So imagine you're a bank with secure APIs, but you would like to publicly expose your FindATM method because that's something you want people to be able to call, even if they're, you know, have not authenticated in their mobile app. So maybe that's an example. So what we do over here in the override section, I pick the method I want to override, and then I enter the settings for that so I can change the inbound security. And I'm going to change it to None. And I'm going to press Okay. And then I will save. And you can see there’s an indicator there that this is different than the rest. So let's test it out. All right. So I'll come back here to Postman. Now if I come back to Find pet by Status, obviously, even if it's all unauthenticated, I can send the API key. But the real question is, will this work? And it does. So without authentication, I can still call findbyStatus because that one has been overridden. However, if I come here to findByTags. Ignore that 500. It's working. And if I turn off the authentication, it will not work because I'm unauthorized. So in this video, we saw how Axway’s Amplify Fusion method override feature works by taking a look at the pet store API that was proxied and secured by API key. And then we did a method override on one of the methods and removed the authentication. Thank you.
#Axway #API #fusionplatform
Информация по комментариям в разработке