Hi Senthalan, We currently have this capability in EMM/IoTS. However API creator part is tightly coupled with api manager features.
[1] API Scanner and Creator : https://github.com/wso2/carbon-device-mgt/tree/master/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher [2] Gateway: This either can use api manager gateway and do a JWT validation or Use the tomcat valve and do the authorization as you described - https://github.com/wso2/carbon-device-mgt/tree/master/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework . Just wanted to add some other features that we can support as a future requirement is to support swagger annotation. Which is to read and publish along with the api. This way we could create the documentation in store. Thanks, Ayyoob *Ayyoob Hamza* *Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <sentha...@wso2.com> wrote: > Hi all, > > Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture > > The idea of the above is to automatically create APIs from the deployed > web apps in AS and publish them into the API Publisher. Publishing APIs > automatically makes it easier for webapp developers on Tomcat to use APIM > easier. Right now, the users has to manually create Managed APIs for their > REST-ful web apps. > > As part of this effort, the API gateway will be included within Tomcat > based AS itself. This is used to validate whether the request from that end > user have permission to access that API. So the AS will have an integrated > API gateway to validate. > > The api everywhere for AS 6.0 have 3 main components, > > 1. > > API Scanner > 2. > > API Creator > 3. > > Integrated API gateway > > > API Scanner component will scan the deployed web app and create APIs. In > web app deployment time the API scanner will scan the annotations and > configurations and generate APIs and API informations. > > API Creator will publish the APIs into API Publisher. For that user have > to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token > will be request from the APIM Key manager. Then using that access token the > generated APIs will be published into APIM. The API will be in the > “CREATED” state, the webapp developers can edit and publish as their wish. > API Creator will be a running on new thread to reduce the web app startup > time. > > Integrated API gateway will intercept the request into AS. The access > token of the request will be validated with APIM key manager. If the token > have the right to access the web app, the request will be passed or > otherwise an exception will be thrown to the end user. > > > Until now implementation of API Scanner and API Creator are completed and > working PoC is available. > > We have to decide which information we are going to publish into the API > publisher. There are some items like tags, business information and etc > which are not compulsory when creating APIs. > > > [image: Inline image 1] > > -- > K.Senthalan, > Software Engineering Intern, > WSO2 Inc. > Tel: +94771877466 > Email: senthalank...@cse.mrt.ac.lk > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture