cloudblog
2015/07/26
July 26, 2015
3 min read

API Cloud: Connect to your Backend Service Securely

WSO2 API Cloud provides a simple way to turn your web services into managed APIs with enforced policies, security, subscriber portal, and analytics. To make this all work, all API calls from subscribers need to go through API Gateway rather than directly to your backend. See arrow 3 in the API Cloud schematics here:
What this means is that you promote to your subscribers the API as it is published in the gateway and API Store, while securing the link between API Gateway and backend service. There are a few ways that you can secure the connection between the gateway and the backend:
  • Unsecured access,
  • Simple username/password authentication,
  • Add IPs as trusted sources,
  • OAuth.
Unsecured Access is obviously the easiest. While not a good idea in the long run (if users are bypassing the gateway, you don't really have an API management solution in place), but when you are only starting and experimenting, and have not launched the program yet - this is the easiest way to get started. Because of that, this is the default mode and the one we are using in API Cloud tutorials. Simple Username/Password Authentication is also very easy to implement. All you have to do is click Show More Options on the second (Implement) step of API implementation, select Secured from the drop-down list below it, and provide credentials:
Configuring your network to only accept IPs of trusted sources is a good further security step. Simply contact our team via Support / Contact Us menu item, and we will give you the IP address range that we use for API gateway. That way you can set up your backend to only accept invocations proxied by the gateway. Finally, if rather than username & password, your backend service only accepts OAuth2 authentication, we now have a fully documented way of using that approach. See this tutorial that we just published. Happy API implementations, and let us know if you have any questions.