Protecting APIs on Pyron API Gateway

Instructions on how to protect your APIs deployed behind the Pyron API gateway

Prerequisites

You need to have Docker and Docker Compose installed.

Select workspace

  1. In your browser, navigate to ACP and log in with your credentials.

  2. In the Workspace Directory view, select a workspace that you want to enter.

Create Pyron GW

  1. In the workspace, select APIs from the sidebar.

  2. Select the GATEWAYS tab.

  3. Select ADD GATEWAY.

  4. Select Pyron API Gateway, enter the name and the description for your gateway, and select NEXT.

  5. In the Gateway Management view, go to the QUICK START tab and follow the provided instructions to configure your gateway.

    1. Select DOWNLOAD PACKAGE to download the zipped Pyron Authorizer package. Unzip the package locally and enter the extracted folder.

      Note

      The package includes a preconfigured Pyron gateway protecting two API groups: a sample Petstore and financial APIs.

      Optional Pyron Authorizer configuration

      You can modify:

      • PYRON_ACPRELOADINTERVAL, which represents the frequency of reloading policies from ACP by the authorizer and defaults to 60 seconds
      • PYRON_DISABLEANALYTICS, which can be changed from its default value (false) to true to turn off the analytics.
    2. To run Pyron Authorizer, start Docker and execute the following commands:

      cat credentials.txt | docker login acp.artifactory.cloudentity.com --username acp --password-stdin
      

      and then

      docker-compose up
      

      Result

      Pyron Authorizer funnels information about protected APIs to ACP.

    3. Back in the ACP administrator portal (Gateway Management view > QUICK START tab), select CONNECT API GROUPS to connect APIs and enable enforcement policies.

    Result

    The predefined set of API groups has been imported and displayed in the APIs tab of the Gateway Management view. The API groups are ready to be connected to services.

Connect a service

There are two ways to connect Pyron API groups to ACP services: starting from the gateway to be connected or starting from the service that you want to connect.

From the gateway

  1. From the list of available gateways, select your newly created Pyron gateway and go to its APIs tab.

    Result

    A list of imported API groups opens.

  2. From the list of API groups available, select an API group and, from its drop-down menu, pick a service to which you’d like to connect the API group.

Note

You can connect an API group to an existing service or to a new one that you create. Both options are available from the same service drop-down menu.

Result

From the service

  1. Select APIs from the left sidebar and go to the AUTHORIZATION tab.

  2. Pick a service that you want to connect and select ADD GATEWAY API for the selected service.

  3. In the Connect Pyron API Group popup window, select an API gateway and an API group to be connected. Click CONNECT to proceed.

Result

In the APIs tab of the Gateway Management view, you can see the specific API groups integrated with services.

Apply a sample policy

  1. Create a policy.

  2. Select APIs from the left sidebar and go to the AUTHORIZATION tab.

  3. Select a service protected by Pyron and any API with authorization status None.

  4. In the Edit API popup window, select Policy from the dropdown list and click Update to proceed.

Result

You have successfully assigned a policy to your API.

Check if it works

Visit http://localhost:8080/pets/pet/1 in your browser.

  • If your policy allows access, you receive a sample response from the server.
  • If your policy restricts access, you receive a 403 error message.
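The same check can be scripted, for example to confirm after a policy change that a blocking policy is actually enforced. The script below is an added example, not part of the Pyron package or the original instructions. It assumes curl is installed and that a newly assigned policy may take up to one PYRON_ACPRELOADINTERVAL (60 seconds by default) to reach the authorizer; the function and variable names are illustrative.

```shell
# Added example: poll the sample Petstore route until the gateway returns the
# status that the assigned policy should produce. The URL is the one from this page.
URL="${URL:-http://localhost:8080/pets/pet/1}"
RELOAD_INTERVAL="${RELOAD_INTERVAL:-60}"  # mirrors the PYRON_ACPRELOADINTERVAL default
POLL_EVERY="${POLL_EVERY:-5}"             # assumed polling step, in seconds

# Print the HTTP status code for $1; curl prints 000 if the gateway is unreachable.
fetch_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$1" || true
}

# Map a status code to what it says about policy enforcement.
classify_status() {
  case "$1" in
    2??) echo allowed ;;
    403) echo denied ;;
    000) echo unreachable ;;
    *)   echo unexpected ;;
  esac
}

# wait_for_verdict <allowed|denied>
# Poll until the verdict matches or one reload interval has elapsed, so that a
# stale answer from before the policy reload is not reported as a failure.
# Returns 0 on a match, 1 otherwise.
wait_for_verdict() {
  expected="$1"
  waited=0
  while :; do
    code=$(fetch_status "$URL")
    verdict=$(classify_status "$code")
    if [ "$verdict" = "$expected" ]; then
      return 0
    fi
    if [ "$waited" -ge "$RELOAD_INTERVAL" ]; then
      break
    fi
    sleep "$POLL_EVERY"
    waited=$((waited + POLL_EVERY))
  done
  echo "expected $expected, last status $code ($verdict) after ${waited}s" >&2
  return 1
}
```

Source the file and run `wait_for_verdict denied` after assigning a blocking policy, or `wait_for_verdict allowed` after assigning a permissive one. A non-zero return means the gateway did not reach the expected state within the reload interval.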

Learn more

For detailed operating instructions on Pyron, see Pyron Documentation.