DO240 - ch04s04

Preface A: Introduction

Section A.1: Cloud-native API Administration with Red Hat 3scale API Management

Section A.2: Orientation to the Classroom Environment

Chapter 1: Introducing Red Hat 3scale API Management

Section 1.1: Introducing Red Hat 3scale API Management

Section 1.2: Guided Exercise: Creating a Lab Environment and Configuring the classroom environment

Section 1.3: Installing Red Hat 3scale API Management

Section 1.4: Guided Exercise: Installing Red Hat 3scale API Management

Section 1.5: Summary

Chapter 2: Managing APIs with Red Hat 3scale API Management

Section 2.1: Creating Backends and Products

Section 2.2: Guided Exercise: Creating Backends and Products

Section 2.3: Creating Application Plans and Rate Limits

Section 2.4: Guided Exercise: Creating Application Plans and Rate Limits

Section 2.5: Managing API Versions

Section 2.6: Guided Exercise: Managing API Versions

Section 2.7: Configuring Service Discovery

Section 2.8: Guided Exercise: Configuring Service Discovery

Section 2.9: Creating Multiple Tenants in Red Hat 3Scale API Management

Section 2.10: Guided Exercise: Creating Multiple Tenants in Red Hat 3Scale API Management

Section 2.11: Quiz: Managing APIs with Red Hat 3scale API Management

Section 2.12: Summary

Chapter 3: Managing and Customizing API Gateways

Section 3.1: Creating Self Managed APIcast Gateways

Section 3.2: Guided Exercise: Creating Self Managed APIcast Gateways

Section 3.3: Configuring Standard APIcast Policies

Section 3.4: Guided Exercise: Configuring Standard APIcast Policies

Section 3.5: Quiz: Managing and Customizing API Gateways

Section 3.6: Summary

Chapter 4: Securing APIs with Red Hat 3scale API Management

Section 4.1: Creating User Accounts for the 3Scale Admin Portal

Section 4.2: Guided Exercise: Creating User Accounts for the 3Scale Admin Portal

Section 4.3: Securing APIs with API Keys and API Key-pair Authentication

SectionSection 4.4: Guided Exercise: Securing APIs with API Keys and API Key-pair Authentication

Section 4.5: Securing APIs with Red Hat Single Sign-on and OAuth

Section 4.6: Guided Exercise: Securing APIs with Red Hat Single Sign-on and OAuth

Section 4.7: Quiz: Securing APIs with Red Hat 3scale API Management

Section 4.8: Summary

Chapter 5: Creating a Developer Portal

Section 5.1: Creating an API Developer Portal

Section 5.2: Guided Exercise: Creating an API Developer Portal

Section 5.3: Customizing an API Developer Portal

Section 5.4: Guided Exercise: Customizing an API Developer Portal

Section 5.5: Importing OpenAPI Definitions

Section 5.6: Guided Exercise: Importing OpenAPI Definitions

Section 5.7: Quiz: Creating a Developer Portal

Section 5.8: Summary

Chapter 6: Monitoring APIs with Red Hat 3scale API Management

Section 6.1: Configuring API Analytics

Section 6.2: Guided Exercise: Configuring API Analytics

Section 6.3: Monitoring 3Scale Infrastructure

Section 6.4: Guided Exercise: Monitoring 3Scale Infrastructure

Section 6.5: Quiz: Monitoring APIs with Red Hat 3scale API Management

Section 6.6: Summary

Chapter 7: Monetizing APIs with Red Hat 3Scale API Management

Section 7.1: Configuring Billing for APIs

Section 7.2: Guided Exercise: Configuring Billing for APIs

Section 7.3: Configuring Pricing Rules for API Consumption

Section 7.4: Guided Exercise: Configuring Pricing Rules for API Consumption

Section 7.5: Quiz: Monetizing APIs with Red Hat 3Scale API Management

Section 7.6: Summary

Bookmark this page

P 1 2 3 4 5 6 7

Guided Exercise: Securing APIs with API Keys and API Key-pair Authentication

In this exercise, you will secure an API by using an API key and an API key-ID pair.

Outcomes

You should be able to configure a Red Hat 3scale API Management product to require authentication by using an API key-ID pair.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command:

Deploys the application you will use in this exercise.
Configures a 3scale API Management product and backend.

[student@workstation ~]$ lab start secure-keys

Procedure 4.2. Instructions

Configure the secure_keys product to require authentication by using the API key.

Verify that the secure_keys_basic application plan in the secure_keys product does not have an associated application.

[student@workstation ~]$ 3scale application list 3scale-tenant \
  --plan=secure_keys_basic --service=secure_keys
ID	NAME	STATE	ENABLED	ACCOUNT_ID	SERVICE_ID	PLAN_ID

Create a secure_key_app application that is associated with the secure_keys_basic application plan:

[student@workstation ~]$ 3scale application create 3scale-tenant \
  john secure_keys secure_keys_basic secure_keys_app
Created application id: 13

List the API key that is associated with the secure_key_app application. Use the application ID from the preceding step.

[student@workstation ~]$ API_KEY=$(3scale application show 3scale-tenant 13 \
  -o json | jq -r '.user_key')
[student@workstation ~]$ echo $API_KEY
bc18aa400edba94148e37a4f632e34b2

Use the key to call the books-api service:

[student@workstation ~]$ curl \
  "https://secure-keys-3scale-apicast-staging.apps.ocp4.example.com:443/books?user_key=$API_KEY" | jq
...output omitted...

Configure the secure_keys product to require authentication by using the API key-ID pair.
1. Log in to RHOCP:
```
[student@workstation ~]$ oc login \
-u=admin -p=redhat --server=https://api.ocp4.example.com:6443
...output omitted...
```
2. In a web browser, log in to the 3scale API Management Administration Portal as the admin user.
  Execute the following command to see the ADMIN_PASSWORD:
```
[student@workstation ~]$ oc get secret system-seed -n 3scale \
  -o json | jq -r .data.ADMIN_PASSWORD | base64 -d; echo
...output omitted...
```
3. In the Products section, click the secure_keys product.
4. Click Integration → Settings.
5. In the Authentication section, select App_ID and App_Key Pair The application is identified via the App_ID and authenticated via the App_Key.
  Note that the user_key value becomes the default app_key value.
6. Click Update Product. Then, click Configuration and click Promote v. 2 to Staging APIcast.

Use the key-ID pair to authenticate your API call.

Verify that using API key is no longer sufficient to authorize to the API:

[student@workstation ~]$ curl \
  "https://secure-keys-3scale-apicast-staging.apps.ocp4.example.com:443/books?user_key=$API_KEY"; echo
Authentication parameters missing

Find the application ID for the application you created in the preceding steps. The following step uses ID 13 as the ID for the application:

[student@workstation ~]$ API_ID=$(3scale application show 3scale-tenant 13 \
  -o json | jq -r '.application_id')
[student@workstation ~]$ echo $API_ID
eb34878e

Authenticate your API call by using the API_KEY and API_ID variables:

[student@workstation ~]$ curl \
  "https://secure-keys-3scale-apicast-staging.apps.ocp4.example.com:443/books?app_key=$API_KEY&app_id=$API_ID"| jq
...output omitted...

Finish

On the workstation machine, use the lab command to complete this exercise. This is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish secure-keys

This concludes the guided exercise.

Discuss Cloud-native API Administration with Red Hat 3scale API Management

Go to community

Welcome to the Cloud-native API Administration (DO240) group in the Red Hat Learning Community!

Deanna

11 sie 2023

We are excited to launch a space dedicated to the Red Hat Training course Cloud-native API Administration with Red Hat 3scale API Management! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO240.Read more about Cloud-native API Administration with Red Hat 3scale API Management here.

Revision: do240-2.11-40390f6