3scale

Integrating third-party identity providers with Red Hat 3scale API Management

Integrating third-party identity providers with Red Hat 3scale API Management

This post describes how to configure OpenID Connect (OIDC) authentication using an external Identity Provider (IdP). With the new release of Red Hat 3scale API Management, version 2.3, it is possible to use any OIDC-compliant IdP during the API authentication phase. This is a very important new feature because it makes it possible to integrate any IdP already present in your environment—without having to use an Identity Broker—thus reducing overall complexity.

Continue reading “Integrating third-party identity providers with Red Hat 3scale API Management”

Share
Adding API Gateway Policies Now Easier With Red Hat 3scale API Management

Adding API Gateway Policies Now Easier With Red Hat 3scale API Management

With the June 2018 release of Red Hat 3scale API Management 2.2, adding API Gateway policies to your API management layer is easier than ever.

What is a Policy?

Red Hat 3scale API Management provides units of functionality that modify the behavior of the API Gateway without the need to implement code. These management components are know in 3scale as policies. The configuration for the bundled policies is available from the API Manager Portal, where you can define the behavior of your API integration.

The order in which the policies are executed, known as the “policy chain”, can be configured to introduce differing behavior based on the position of the policy in the chain. Adding custom headers, perform URL rewriting, enable CORS, and configurable caching are some of the most common API gateway capabilities implemented as policies.

Continue reading “Adding API Gateway Policies Now Easier With Red Hat 3scale API Management”

Share
An API Journey: From Idea to Deployment the Agile Way–Part III

An API Journey: From Idea to Deployment the Agile Way–Part III

This is part III of a three-part series describing a proposed approach for an agile API lifecycle: from ideation to production deployment. If you missed it or need a refresher, please take some time to read part I and part II.

This series is coauthored with Nicolas Massé, also a Red Hatter, and it is based on our own real-life experiences from our work with the Red Hat customers we’ve met.

In part II, we discovered how ACME Inc. is taking an agile API journey for its new Beer Catalog API deployment. ACME set up modern techniques for continuously testing its API implementation within the continuous integration/continuous delivery (CI/CD) pipeline. Let’s go now to securing the exposition.

Continue reading “An API Journey: From Idea to Deployment the Agile Way–Part III”

Share
An API Journey: From Idea to Deployment the Agile Way–Part II

An API Journey: From Idea to Deployment the Agile Way–Part II

This is part II of a three-part series describing a proposed approach for an agile API lifecycle from ideation to production deployment. If you missed part 1 or need a refresher, please take some time to read part I.

This series is coauthored with Nicolas Massé, also a Red Hatter, and it is based on our own real-life experiences from our work with the Red Hat customers we’ve met.

In part I, we explored how ACME Inc. is taking an agile API journey for its new Beer Catalog API, and ACME completed the API ideation, contract design, and sampling stages. Let’s go now to mocking.

Continue reading “An API Journey: From Idea to Deployment the Agile Way–Part II”

Share
Red Hat Summit 2018: Learn how other developers are producing cloud-native applications

Red Hat Summit 2018: Learn how other developers are producing cloud-native applications

Want insights into how other organizations are building cloud-native applications and microservices? At Red Hat Summit 2018, developers from a number of different companies will be sharing their stories in break-out sessions, lightning talks, and birds-of-a-feather discussions.  Learn how they solved real business problems using containers, microservices, API management, integration services, and other middleware.

Join us at Red Hat Summit 2018, to hear speakers from Bell Canada, BMW, BP, Deutsche Bank, InComm, Sabre, SIA, Swiss Railways, USAA, and many more.

Session Highlights:

Continue reading “Red Hat Summit 2018: Learn how other developers are producing cloud-native applications”

Share
An API Journey: From Idea to Deployment the Agile Way–Part I

An API Journey: From Idea to Deployment the Agile Way–Part I

The goal of this series of posts is to describe a proposed approach for an agile API delivery process. It will cover not only the development part but also the design, the tests, the delivery, and the management in production. You will learn how to use mocking to speed up development and break dependencies, use the contract-first approach for defining tests that will harden your implementation, protect the exposed API through a management gateway and, finally, secure deliveries using a CI/CD pipeline.

I coauthored this series with Nicolas Massé, who is also a Red Hatter. This series is based on our own real-life experience from our work with the Red Hat customers we’ve met, as well as from my previous position as SOA architect at a large insurance company. This series is a translation of a typical use case we run during workshops or events such as APIdays.

Continue reading “An API Journey: From Idea to Deployment the Agile Way–Part I”

Share
Red Hat Summit 2018: Develop Secure Apps and Services

Red Hat Summit 2018: Develop Secure Apps and Services

Red Hat Summit 2018 will focus on modern application development. A critical part of modern application development is of course securing your applications and services. Things were challenging when you only needed to secure a single monolithic application. In a modern application landscape, you’re probably looking at building microservices and possibly exposing application services and APIs outside the boundaries of your enterprise. In order to deploy cloud-native applications and microservices you must be able to secure them. You might be faced with the challenge of securing both applications and back-end services accessed by mobile devices while using third party identity providers like social networks. Fortunately, Red Hat Summit 2018 has a number of developer-oriented sessions where you can learn how to secure your applications and services, integrate single-sign on, and manage your APIs. Session highlights include:

Continue reading “Red Hat Summit 2018: Develop Secure Apps and Services”

Share
3scale ActiveDocs and OAuth 2.0

3scale ActiveDocs and OAuth 2.0

This guide is designed to help you integrate your Red Hat Single Sign-On server with the OpenAPI (OAI)-based ActiveDocs in your 3scale developer portal. Although it has only been implemented with this particular Identity & Access Management solution (IAM), you could in theory make some customizations where necessary to integrate with another OpenID Connect-based solution.

Continue reading 3scale ActiveDocs and OAuth 2.0

Share
3scale by Red Hat API and Identity Management Series

3scale by Red Hat API and Identity Management Series

Today’s modern infrastructure faces the complex challenge of managing user’s access to the resources. To protect system and data integrity, companies have implemented identity and access management (IAM) solutions for their in-house systems. IAM solutions address three major concepts: identity, authentication, and authorization.  Their job is to ensure that only authenticated and authorized users have access to resources or information. Every IAM solution on the market provides a great set of features such as:

  • Single Sign-On (SSO)
  • Centralized policy-based authentication and authorization
  • Identity federation

Continue reading “3scale by Red Hat API and Identity Management Series”

Share