webMethods.io API Gateway: Securing APIs using Payload Element

Vikash_Sharma1 · July 27, 2020, 2:18pm

Introduction

This article explains how to secure API’s using Payload Element.

Audience

It is assumed that readers of this article know how to setup API’s on API gateway.

Prerequisites

Configure the API at API gateway.
Create Application and associate API with application.
Refer the link to create API: https://github.com/SoftwareAG/webmethods-api-gateway

In this case API is configured at API gateway “payloadIdentifier”

Use Case Description

Sending JSON\XML request payload
Request will be rejected if value doesn’t match with value configured at API gateway.

Configure Policy at API Gateway

Open the API
Navigate to Policies
Select Identify and Access

Select Identify & Authorize Application

Select payload element and applications as a Registered application.

In this case, input payload is JSON type, therefore expression type is set as jsonPath.

Configure the Payload Identifier at Application

Navigate to application
Edit the application.
Add Payload Identifier.

Set the payload Identifier, in this case value is set to 12345

Request Payload

{
  "Id": 12345,
              "Customer": "John Smith",
              "Quantity": 1,
              "Price": 10.00
}

Test from Postman Client

Trigger the request from postman client with json request.

Positive test Case

When in the payload Id value is set as ‘12345’, then request will get to next stage

Negative Test Case

When in the payload Id value is not set as ‘12345’, then request will get failed.

Steps for XML Request Payload

Similarly, we can test for xml input by setting xpath instead of json path
Xml Request Sample
In this payload identifier is set up for Login node

<?xml version="1.0" encoding="utf-8"?>
<Request>
    <Login>loginValue</Login>
    <Password>password</Password>
</Request>

Xpath Configured at API Gateway

Navigate to the policies and set the xpath in the same way as done for json request payload

Topic		Replies	Views
webMethods.io API Gateway: Securing APIs using SSL Certificate Knowledge base webMethods , API-Management , API-Gateway	0	2889	July 27, 2020
Defend your APIs with webMethods API Gateway Threat Protection Policies Knowledge base webMethods , API-Management , API-Gateway , security	1	1587	July 12, 2023
webMethods.io API Gateway certificate based mutual authentication Knowledge base webMethods , webMethods-io-Integration , API-Management , API-Gateway	0	1298	March 29, 2023
WSS Inbound policies in API Gateway Knowledge base webMethods , API-Management	0	2145	November 27, 2017
Request Processing using Data Masking Policy Knowledge base webMethods , API-Gateway	0	1539	September 30, 2020

webMethods.io API Gateway: Securing APIs using Payload Element

Introduction

Audience

Prerequisites

Use Case Description

Configure Policy at API Gateway

Configure the Payload Identifier at Application

Request Payload

Test from Postman Client

Positive test Case

Negative Test Case

Steps for XML Request Payload

Xpath Configured at API Gateway

Configure Value at Registered Application

Test Using Postman Client

Check also:

webMethods.io API Gateway: Securing APIs using Payload Element

Introduction

Audience

Prerequisites

Use Case Description

Configure Policy at API Gateway

Configure the Payload Identifier at Application

Request Payload

Test from Postman Client

Positive test Case

Negative Test Case

Steps for XML Request Payload

Xpath Configured at API Gateway

Configure Value at Registered Application

Test Using Postman Client

Check also:

Related topics