WSO2 API Cloud provides a simple way to turn your web services into managed APIs with enforced policies, security, subscriber portal, and analytics. To make this all work, all API calls from subscribers need to go through API Gateway rather than directly to your backend. See arrow 3 in the API Cloud schematics here:
- Unsecured access,
- Simple username/password authentication,
- Add IPs as trusted sources,
Show More Optionson the second (
Implement) step of API implementation, select
Securedfrom the drop-down list below it, and provide credentials:
Contact Usmenu item, and we will give you the IP address range that we use for API gateway. That way you can set up your backend to only accept invocations proxied by the gateway. Finally, if rather than username & password, your backend service only accepts OAuth2 authentication, we now have a fully documented way of using that approach. See this tutorial that we just published. Happy API implementations, and let us know if you have any questions.