Software AG Tech Community & Forums

webMethods.io API Gateway: Securing APIs using Payload Element

Vikash_Sharma1 (Vikash Sharma) July 27, 2020, 2:18pm 1

Introduction

This article explains how to secure API’s using Payload Element.

Audience

It is assumed that readers of this article know how to setup API’s on API gateway.

Prerequisites

Configure the API at API gateway.
Create Application and associate API with application.
Refer the link to create API: https://github.com/SoftwareAG/webmethods-api-gateway

In this case API is configured at API gateway “payloadIdentifier”

Use Case Description

Sending JSON\XML request payload
Request will be rejected if value doesn’t match with value configured at API gateway.

Configure Policy at API Gateway

Open the API
Navigate to Policies
Select Identify and Access

Select Identify & Authorize Application

Select payload element and applications as a Registered application.

In this case, input payload is JSON type, therefore expression type is set as jsonPath.

Configure the Payload Identifier at Application

Navigate to application
Edit the application.
Add Payload Identifier.

Set the payload Identifier, in this case value is set to 12345

Request Payload

{
  "Id": 12345,
              "Customer": "John Smith",
              "Quantity": 1,
              "Price": 10.00
}

Test from Postman Client

Trigger the request from postman client with json request.

Positive test Case

When in the payload Id value is set as ‘12345’, then request will get to next stage

Negative Test Case

When in the payload Id value is not set as ‘12345’, then request will get failed.

Steps for XML Request Payload

Similarly, we can test for xml input by setting xpath instead of json path
Xml Request Sample
In this payload identifier is set up for Login node

<?xml version="1.0" encoding="utf-8"?>
<Request>
    <Login>loginValue</Login>
    <Password>password</Password>
</Request>

Xpath Configured at API Gateway

Navigate to the policies and set the xpath in the same way as done for json request payload

Configure Value at Registered Application

Navigate to application
Set the value at application level

Test Using Postman Client

Check also:

webMethods.io API Gateway: Securing APIs using SSL Certificate

webMethods.io API Gateway: When To Use Routing Policies