Hi Abimaran, API Import Export tool is accessible to users with admin privileges. Admin credentials needs to be passed and all details of APIs (including their actual endpoints, security levels) are routed through public channels. Therefore we decided to restrict it only for HTTPS considering the security aspects.
Thanks. On Tue, Mar 8, 2016 at 8:03 PM, Abimaran Kugathasan <[email protected]> wrote: > Hi, > > > Why API Import/Export [1] should be done only through HTTPS? > > I tried through HTTP Servlet port, it don't work > > curl -H "Authorization:Basic YWRtaW46YWRtaW4=" -X GET " > http://localhost:9763/api-import-export-v1.0.1/export-api?name=CalculatorAPI&version=1.0&provider=admin"; > -k > CalculatorAPI.zip > > Following log noticed > > [2016-03-08 09:32:45,981] WARN - CompositeValve To enable SaaS mode for > the webapp, /api-import-export-v1.0.1, configure the CarbonTomcatRealm in > META-INF/context.xml. > > > [1] : > https://docs.wso2.com/display/AM1100/Migrating+the+APIs+to+a+Different+Environment > > -- > Thanks > Abimaran Kugathasan > > Software Engineer | WSO2 Inc > Data & APIs Technologies Team > Mobile : +94 773922820 > > <http://stackoverflow.com/users/515034> > <http://lk.linkedin.com/in/abimaran> > <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> > <https://twitter.com/abimaran> > > -- Best Regards, *Thilini Cooray* Software Engineer Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20773%20451194> E-mail : [email protected] WSO2 Inc. www.wso2.com lean.enterprise.middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
