apiGrove GUI WSSE authentication
This apiGrove tutorial demonstrates how to use WSSE authentication to restrict access your API.
Please ensure the following prerequites are met
- A working install of apiGrove and apiGroveGUI
- A web browser
- Open your installed apiGrove GUI url in a browser
- Login to apiGroveGUI /dev/images/apiGroveGUI_Login.png
- Click on API in the top menu
- Click Create New
- Enter a Name for your API 'myWSSETweets'
- Enter an Endpoint
- Enter the target host where this API is hosted
- Click Part Advanced button
- Click The Enabled button (makes your API active immediately upon creation)
- Unclick the No Auth button (disable anonymous access)
- Click the ‘WSSE’ button for Authenitcation Type
- Leave the HTTPS button unclicked
- Enter 9 for the Transactions Per Second (TPS) Threshold
- Enter 10 for the Transactions Per Minute (TPM) Threshold
- Select the GET button for allowed HTTP calls
- Click Save
- apiGrove GUI returns a success message and lists your onboarded API
- Click on Auth in the top menu
- Click Create New
- Enter an ID 'WSSEtwitter' for this auth
- Click the WSSE Type button
- Enter Username 'test'
- Enter Pasword Tester
- Click Save /dev/images/apiGroveGUI_Auth_WSSE.png
- 'wssetwitter' is displayed in a listing of your auths
The policy associates the auth with your API.
- Click on Policy in the top menu
- Click Create New
- Enter ID twittterWSSEPolicy
- Select the API created in earlier steps
- Select the Auth created
- Click submit query
- Attempting to access the API without the correct username and password returns a unauthorized message
- Accessing the API with the correct username and password returns search results from the twitter API