Defining a Backend Security Scheme¶
Set backend credentials via the OpenAPI file - Basic Auth¶
When an actual backend service of the API is protected using basic authentication, the basic authentication parameters (username and password) must be sent to the backend. Hence, you need to define the endpoint security parameter in the OpenAPI using extensions.
The security scheme used for the API must be defined in the securityConfig
under x-wso2-production-endpoints
and x-wso2-sandbox-endpoints
vendor extension in the API definition.
This is supported at the API level only.
Security configs can be applied to production and sandbox endpoints separately.
API level security configurations will be applied to all API level and resource level production and sandbox endpoints.
x-wso2-basePath: /petstore/v1
x-wso2-production-endpoints:
urls:
- https://petstore.swagger.io/v2
- https://petstore.swagger.io/v5
securityConfig:
type: BASIC # mandatory
username: admin #optional here, as you can provide credentials as environment variables
password: admin #optional here, as you can provide credentials as environment variables
Set backend credentials using environment variables - Basic Auth¶
When running the Choreo Connect, you can provide the username, password as Adapter environment variables in the following configurations files based on the deployment that you are using.
Deployment | Mode | File name | Directory |
---|---|---|---|
Docker Compose | Choreo Connect as a Standalone Gateway | docker-composer.yaml |
<CHOREO-CONNECT_HOME>/docker-compose/choreo-connect/ |
Docker Compose | Choreo Connect with WSO2 API Manager as a Control Plane | docker-composer.yaml |
<CHOREO-CONNECT_HOME>/docker-compose/choreo-connect-with-apim/ |
Kubernetes | Choreo Connect as a Standalone Gateway | adapter-deployment.yaml |
<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect/ |
Kubernetes | Choreo Connect with WSO2 API Manager as a Control Plane | adapter-deployment.yaml |
<CHOREO-CONNECT_HOME>/k8s-artifacts/choreo-connect-with-apim/ |
Note
If a username/password is not specified as environment variables, the username, password defined in the API Definition section will be used while deploying the API to Choreo Connect.
api_<API-ID>_<endpoint-type>_basic_username=<username>
api_<API-ID>_<endpoint-type>_basic_password=<password>
services:
adapter:
environment:
- api_60f7111f-fdc5-4cc7-b497-1cea64c6a97f_prod_basic_username="admin"
- api_60f7111f-fdc5-4cc7-b497-1cea64c6a97f_prod_basic_password="admin"
containers:
- name: choreo-connect-adapter
env:
- name: api_60f7111f-fdc5-4cc7-b497-1cea64c6a97f_prod_basic_username
value: "admin"
- name: api_60f7111f-fdc5-4cc7-b497-1cea64c6a97f_prod_basic_password
value: "admin"
- API-ID -
SHA1(<apiName>:<apiVersion>)
- endpoint-type -
prod
orsand
. - username - Basic Auth username.
- password - Basic Auth username.