I want to expose a Logic App as an AS2 endpoint. I know how to do that with a combination of an HTTP trigger, AS2 Decode, and HTTP response.
But the issue is that I can't customize the URL of the Logic Apps.
What I'm looking for is the ability to have something like https://as2.mydomain.com.
What are my options for that:
Use API Management to expose the Logic App as an API? -> Is it working with AS2 and in particular with the fact that I need to propagate AS2 headers and so on;
Use Application Gateway? Or Azure FrontDoor? Or something else?
We finally used API Management to expose our AS2 endpoint and it works just great.
Related
I want to request a third party API on Web APP. The API example is https://api.pinesapsapi.com/request.
Can I change the URL and build a different URL with any of the external platforms or AWS?
The basic reason of the URL changing is to keep the API Url private with my developers.
Is this possible?
For Example:
https://api.pinesapsapi.com/request should look something like https://api.xhatdffsdkj.com/request or any other generic URL
If you're looking for an AWS service to specifically do this your best best would be using API Gateway.
Configure a REST API that uses a single method of /{proxy+} and configure it with HTTP_PROXY. You can then add a custom domain name to your API Gateway setup and have it proxy to this other other domain.
Alternatively you would be looking at using a proxy based solution to forward the requests to the endpoint (such as NGINX or HAProxy running on a host such as EC2).
I have a very simple webpage created in angular, with no backed. Now I would like to store some very simple user statistics data in some way, without involving a backend. File, database or some other thing that I can access from clientside.
I had a look at MongoDB which looks very cool, I can access that via a REST api which is perfect. Only problem here is that the api is hosted on https, which my domain are not. That means I cannot connect to the api because of CORS error. And I would like to avoid buying an SSL certificate.
So do I have any options here? Storing data from clientside without a backend and SSL?
Thanks!
The solution was actually to go with Mongodb, and add a free SSL certificate from https://letsencrypt.org/
I want to deploy my AngularJS app which access RESTful web-services onto an aws and I am wondering if I really need a server to serve my AngularJS files.
I can server them as static files or use something like NodeJS but do I really need one?
What are the advantages/dis-advantages of using a server in this scenario?
If your app is small, it's really not a problem if you only access to an API.
But if you want to login via other services where you have for example a public and secret token it's better to work with a server who use cache this datas from your users (maybe it's what your aws is doing).
If you want to access RESTFull Web Services from AWS, you need to put your angularjs files in a server.
The server will give access to resources, if the request is from http protocol. It will deny the request to serve if the protocol is file.
I have a backend REST app. I'm presently developing the frontend app. Now i have a confusion as to how to setup the frontend app.
Case 1 - Plan to use Spring and have a frontend controller layer that takes care of calling the REST services. But i need to have models and POJOs setup same as in the backend to parse the JSON response. This seems like a overload on frontend. How to go around about this?
Case 2 - Plan to use Angular.js. Then i need to have all my REST URLs in the controller.js which is completely accessible for anyone. That way im totally exposing my REST domain, URL and request format. Is it not a security threat? How to go around about this?
Can you please tell me which case is better and secure and how to resolve the problem attached with it?
Secure your REST endpoints using a scheme like OpenId or OAuth or something else. Spring and numerous other web app frameworks have components to help with such authentication.
AngularJS is a client side framework. You can use Angular along with Spring. They are not mutually exclusive.
Finally, any http request (including RESTful http requests) invoked on a client is easily accessed simply by viewing the network traffic. Chrome, Firefox, along with other browsers provide tools, out of the box, that make this very easy to do. All the more reason to secure those REST endpoints.
I am sending HTTP requests from GAE to MongoLab in the form of:
https://api.mongolab.com/api/1/databases/rival_testdb/collections/testCollection?apiKey=someKey
If this request was coming directly from client side, I would be very concerned. But since this request is coming from inside a servlet in GAE, is this a security concern? How could I make this more secure if possible?
I would like to use MongoLab if possible, but their API only allows for putting the API key directly in the requesting URL. So I am stuck using a URL like the one above for all API requests.
As long as you can secure the API key on the server you should be good. You do not have to worry about it being sniffed on the network as all the communications are over HTTPS thus encrypting the request string and the apiKey along with it.
-will
This is a valid concern for most public services.
Specifically for MongoLab, this discussion is present over here: https://support.mongolab.com/entries/20269612-REST-api-permissions-and-security-best-practice and it does not look like the security additions that they are talking about has been released in public.
Do check out to the link.
Having said, I am assuming that the only way that you are accessing the Mongolab API is from within your GAE Application? That at least makes it more difficult for anyone to sniff out the url from your application.
A good solution would be for MongoLab to allow a HTTP Header to be inserted before your make the REST call. Here you would some ID that identifies that it is your GAE App. And then MongoLab should be doing a check for that before permitting the call to do its work.