webMethods Developer Portal trying out an JWT Protected API

Introduction

In this tutorial you will be learning how to request for JWT token to try out an JWT protected API from webMethods Developer Portal try out page.

Pre-requisite

The tutorial assumes that the reader has:

  • a basic understanding of API Gateway’s its policy enforcement and webMethods Developer Portal
  • a basic knowledge JSON web tokens (https://jwt.io/introduction/ )

In this tutorial the basic details of how to setup API Gateway as JWT Generator & Validator will be covered. But for more details you could refer the following tutorial JWT in API Gateway

Steps to follow

Step 1: Enable HTTPS port in API Gateway

The JWT token request by default could be invoked via https only. To ensure https port is enabled go to Administration → Security → Ports

Step 2: Configuring JWT in API Gateway

  1. Go to Administration page, click on “Security” tab and click on “JWT” section.
  2. Under JWT configuration section, Provide “Token issuer” name, “Algorithm”, “Expiry duration”, "Keystore alias informations and click “Save” button.

Step 3: Importing an API into API Gateway and Enforcing JWT

Let me import an API to get latest bitcoin price

Edit an API in API Gateway. Click Edit. Click Identity and Access management. Click Identify and authenticate icon. Tick JWT. This procedure will enforce JWT authorization for this service.

JWT can be used only if the https enabled for the service, to do that select https in Transport level policy

Then Activate an API

Step 4: Registering webMethods Developer Portal in API Gateway

Go to Administration → Destinations → API Portal → Configurations. Provide the webMethods Developer Portal communication details and Publish. Note the JWT token request would work only on top of https connection. So ensure you provided https URL of API Gateway

Next publish an API, ensure you have published https endpoint

Step 5: Request an Application for an API from webMethods Developer Portal

Login to webMethods Developer Portal. You must be seeing the published API. Click the API. Click consume button to request new application

The request would create an Application in API Gateway and the credentials would be shared to webMethods Developer Portal

Step 6: Requesting an JWT and trying out an API

Now we have an Application, to request JWT token go to tryout page of an API and select an Application,

Click ‘+’ button. Provide username and password and then Get token

Now you will be able to view the token in webMethods Developer Portal. Now if you hit the send button you will be able to access the API