Hello community members,
We have implemented the 3scale API Gateway and we've been trying to use the 3Scale API Management tool. However, we found a lot of issues with customizing that tool. One of the options we've been considering is to use a different management tool. Is it possible?
For example, can we use 3 SCALE API Gateway and Mulesoft Anypoint API Manager for 3scale API management? An...
Integration Architect at a tech consulting company with 201-500 employees
Jul 12, 2022
Hi @Niki Shetty,
Usually, all these API Mgmt platforms are built with a proprietary integration in mind. I doubt such cross-product integration is possible.
However, can you elaborate more on the below:
1. What customizations you were into that are causing pain?
3Scale is not best vis-a-vis that activity. The best tool here could be WSO2 which allows a lot of customizations.
2. What management activity you are looking into, to offload to another tool like Mulesoft AAPIM?
3. What type of deployments are you into? Stand-alone? Kubernetes? etc?
Hi @Niki Shetty,
We know this very well. Every so-called API runtime, i.e. an API gateway, is fixed to its own technology. In other words, API integration is the new vendor lock-in.
What we have learned is that there is an urgent need for a higher-level API control plane. So you separate the API management from the so-called runtime. You can also call this API Master Management. This dramatically reduces complexity, creates friendly API developers and increases security. If you need something - we're there for you.
Solutions Architect at a financial services firm with 1,001-5,000 employees
Dec 9, 2021
1. For authentication and authorization we can secure our API using plugins on KONG: OpenID Connect and application registration plugin. OpenID Connect can be integrated with IDP provider MS Azure AD.
2. JWT plugin provided in KONG can also be used for authorization purposes.
All these are JWT-based mechanisms.
Hi Evgeny, It depends on what type of API we are talking about. Kong was already mentioned, but there are multiple others as well. One of the best Open Source packages for API management available right now is Gravitee.io. We are both Gravitee and Kong partners, so feel free to reach out if you have any questions.
Usually, you move authentication from your upstream APIs to an API gateway.
Additionally, you can do schema validation, so that the requests that arrive at your backend have been checked for validity. For some extra security, you can sanitize inputs or scan for known injection vectors.
You can read more about API security in our blog: The Ultimate Guide to API Security - APIIDA
Hope this helps!
Dear PeerSpot community members,
Welcome to the latest PeerSpot Community Spotlight, where we sum up the most relevant recent postings by your peers in the community.
Check out the latest questions, articles and professional discussions contributed by PeerSpot community members!
Here are some topics that your peers are discussing at the moment:
What is your recomme...
What is software extensibility?
Extensibility is the ability of the software system to allow and accept the significant extension of its capabilities without major rewriting of code or changes in its basic architecture. Extensible systems provide technology, tools, languages designed so that developers can expand or add to their capabilities.
What are some of the benefits customers get ou...