Configuring Different Endpoint Security Types
When there are multiple environments, apictl supports an additional parameter file named api_params.yaml so that environment-specific details can be configured easily. (Refer to Configuring Environment Specific Parameters for more information.) You can specify different types of endpoint security in this file, as discussed under the topics below.
- Configuring Basic or Digest Endpoint Security
- Configuring OAuth 2.0 Endpoint Security
Configuring Basic or Digest Endpoint Security
The following is an example api_params.yaml file for this scenario.
Example
    environments:
      - name: dev
        endpoints:
          production:
            url: 'https://dev.prod.wso2.com'
          sandbox:
            url: 'https://dev.sand.wso2.com'
        security:
          enabled: true
          type: basic
          username: 'admin'
          password: 'admin'
Under the security field, if the enabled attribute is true, you must specify the username, password and type (which can only be basic or digest). If the enabled attribute is false, none of the security parameters will be set. If the enabled attribute is not set (blank), the security parameters in the api.yaml file will be used.
Info
Here, basic or digest endpoint security can only be set globally. That means when you specify the security field as shown above, both the production and sandbox endpoints will have the same security configuration. In other words, you cannot set production and sandbox security separately per endpoint type via API Controller (apictl) for the basic and digest types.
Configuring OAuth 2.0 Endpoint Security
Warning
Configuring OAuth 2.0 Endpoint Security using the parameters file was introduced via a U2/WUM update and is effective from 8th October 2021 (2021-10-08).
For more information on how to update using U2, see Updates 2.0 Documentation. For more information on how to update using WUM, see the documentation Using WSO2 Update Manager.
The following is an example api_params.yaml file for this scenario.
Example
    environments:
      - name: dev
        endpoints:
          production:
            url: 'https://dev.prod.wso2.com'
          sandbox:
            url: 'https://dev.sand.wso2.com'
        security:
          production:
            enabled: true
            type: oauth
            tokenUrl: https://prod.token.com
            clientId: Poc7i6mTj0ac3LyTW0szFzdt1gwanew
            clientSecret: edDEOOjlY0kgClxVlntwWVFve64a
            grantType: client_credentials
            customParameters:
              param1: val1
              param2: val2
          sandbox:
            enabled: true
            type: oauth
            username: 'admin'
            password: 'password'
            tokenUrl: https://sand.token.com
            clientId: Fcd7i6mTj0ac3LyTW0szFzdt1asd
            clientSecret: rfDEOOjlY0kgClxVlntwWVFve56f
            grantType: password
            customParameters:
              param3: val3
              param4: val4
Unlike basic or digest, you can provide OAuth 2.0 endpoint security per endpoint type (for production and sandbox separately).
It is mandatory to specify the fields type, tokenUrl, clientId, clientSecret and grantType for the OAuth 2.0 endpoint security.
The grantType can be either Client Credentials (client_credentials) or Resource Owner Password (password). If you specify the grant type as password, it is mandatory to provide the username and password.
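The rules stated in both sections above (basic/digest and OAuth 2.0), written as a checker that can run before a parameters file is handed to apictl. This is an added example, not WSO2 or apictl code: check_security and the sample values are hypothetical, the input is one already-parsed environments entry as a Python dict, and applying the OAuth checks only when enabled is true is an assumption.

```python
# Added example: lint the "security" section of one parsed api_params.yaml environment.
OAUTH_REQUIRED = ("type", "tokenUrl", "clientId", "clientSecret", "grantType")
GRANT_TYPES = ("client_credentials", "password")

def _missing(block, keys, where):
    # A key that is absent or blank counts as missing.
    return [f"{where}: missing {k}" for k in keys if block.get(k) in (None, "")]

def check_security(env):
    """Return the rule violations for one entry of 'environments' (a dict)."""
    name = env.get("name", "?")
    sec = env.get("security") or {}
    errors = []
    if not any(isinstance(sec.get(k), dict) for k in ("production", "sandbox")):
        # Global form (basic or digest): checked only when enabled is true.
        if sec.get("enabled") is True:
            errors += _missing(sec, ("type", "username", "password"), name)
            if sec.get("type") not in (None, "", "basic", "digest"):
                errors.append(f"{name}: type must be basic or digest")
        return errors
    for kind in ("production", "sandbox"):
        block = sec.get(kind)
        # Assumption: a per-endpoint block is checked only when enabled is true.
        if not isinstance(block, dict) or block.get("enabled") is not True:
            continue
        where = f"{name}.{kind}"
        errors += _missing(block, OAUTH_REQUIRED, where)
        if block.get("type") not in (None, "", "oauth"):
            errors.append(f"{where}: per-endpoint security must be type oauth")
        grant = block.get("grantType")
        if grant not in (None, "") and grant not in GRANT_TYPES:
            errors.append(f"{where}: unsupported grantType {grant!r}")
        if grant == "password":
            errors += _missing(block, ("username", "password"), where)
    return errors

# Constructed sample input (hypothetical values), shaped like the parsed YAML.
SAMPLE_ENV = {
    "name": "dev",
    "security": {
        "production": {"enabled": True, "type": "oauth", "tokenUrl": "https://prod.token.example",
                       "clientId": "id-placeholder", "clientSecret": "secret-placeholder",
                       "grantType": "client_credentials"},
        "sandbox": {"enabled": True, "type": "oauth", "tokenUrl": "https://sand.token.example",
                    "clientId": "id-placeholder", "clientSecret": "secret-placeholder",
                    "grantType": "password", "password": "pw-placeholder"},  # no username
    },
}
```

Calling check_security(SAMPLE_ENV) reports the sandbox block, which uses the password grant without a username.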