6 Administration
6.1 Deployment
The deployment of ApiFest Mapping Server and ApiFest OAuth 2.0 Server for development and simple test goals is described in the corresponding chapters - 3.1 and 4.1. The deployment for stress tests environment and production environment requires increasing the file descriotors of the OS so the servers can handle more connections. It's recommended to start several nodes of ApiFest Mapping Server and ApiFest OAuth 2.0 Server and set a load balancer in front of them.6.2 ApiFest Mapping Server administration services
This chapter covers all available administration services exposed by the ApiFest Mapping Server.The following table summarizes all available administration services. Follow the link in order to get more details about a service.
service | description | link |
---|---|---|
GET/apifest-mappings | Returns all the mappings loaded in the ApiFest Mapping Server. | 6.2.1 |
GET/apifest-global-errors | Returns all custom global errors loaded in the ApiFest Mapping Server. | 6.2.2 |
GET/apifest-reload | Reloads online mappings and global-errors configurations. | 6.2.3 |
6.2.1 Check current loaded mappings
You can check the current mappings loaded in the ApiFest Mapping Server by the following request:GET /apifest-mappings
The response is in JSON format.
Here is an example response:
{
"v1.0": {
"mappings": {
"com.apifest.MappingPattern@e1a60a8b": {
"backendPort": 5000,
"backendHost": "127.0.0.1",
"varExpression": "[A-Z]{3}",
"varName": "code",
"authType": "client-app",
"scope": "basic",
"method": "GET",
"internalEndpoint": "/countries/{code}",
"externalEndpoint": "/v1.0/countries/{code}"
},
"com.apifest.MappingPattern@56eff2b4": {
"backendPort": 5000,
"backendHost": "127.0.0.1",
"authType": "user",
"scope": "basic",
"method": "GET",
"internalEndpoint": "/users/{userId}",
"externalEndpoint": "/v1.0/me",
"action": {
"actionClassName": "com.apifest.example.ReplaceCustomerIdAction"
}
},
"com.apifest.MappingPattern@9c7e3abe": {
"backendPort": 5000,
"backendHost": "127.0.0.1",
"authType": "client-app",
"scope": "basic",
"method": "GET",
"internalEndpoint": "/countries",
"externalEndpoint": "/v1.0/countries"
}
},
"actions": {
"com.apifest.example.ReplaceCustomerIdAction":
"com.apifest.example.ReplaceCustomerIdAction"
},
"filters": {
},
"errors": {
}
}
"v1.0": {
"mappings": {
"com.apifest.MappingPattern@e1a60a8b": {
"backendPort": 5000,
"backendHost": "127.0.0.1",
"varExpression": "[A-Z]{3}",
"varName": "code",
"authType": "client-app",
"scope": "basic",
"method": "GET",
"internalEndpoint": "/countries/{code}",
"externalEndpoint": "/v1.0/countries/{code}"
},
"com.apifest.MappingPattern@56eff2b4": {
"backendPort": 5000,
"backendHost": "127.0.0.1",
"authType": "user",
"scope": "basic",
"method": "GET",
"internalEndpoint": "/users/{userId}",
"externalEndpoint": "/v1.0/me",
"action": {
"actionClassName": "com.apifest.example.ReplaceCustomerIdAction"
}
},
"com.apifest.MappingPattern@9c7e3abe": {
"backendPort": 5000,
"backendHost": "127.0.0.1",
"authType": "client-app",
"scope": "basic",
"method": "GET",
"internalEndpoint": "/countries",
"externalEndpoint": "/v1.0/countries"
}
},
"actions": {
"com.apifest.example.ReplaceCustomerIdAction":
"com.apifest.example.ReplaceCustomerIdAction"
},
"filters": {
},
"errors": {
}
}
6.2.2 Check current loaded custom global errors
You can check the current custom global errors loaded in the ApiFest Mapping Server by the following request:GET /apifest-global-errors
The response is in JSON format.
Here is an example response:
{
"404": "{\"error\":\"resource not found\"}",
"500": "{\"error\":\"ops ...something wrong happened\"}"
}
"404": "{\"error\":\"resource not found\"}",
"500": "{\"error\":\"ops ...something wrong happened\"}"
}
6.2.3 Online configuration reload
In order to reload ApiFest mappings and custom global errors configuration online, you can use the following request:GET /apifest-reload
The response is in JSON format.
If the configuration is reloaded successfully, the response body is empty. Otherwise, a response in the following format is returned:
Status Code: 400 Bad Request
Content-Type: application/json
{"error":"[error message]"}
Content-Type: application/json
{"error":"[error message]"}
6.3 ApiFest Oauth 2.0 Server administration services
This chapter covers all available administration services exposed by the ApiFest OAuth 2.0 Server.All administration services should be secured and accessible only internally (for instance, by your Sys Admins or the personnel that should administrate ApiFest client applications).
The following table summarizes all available administration services. Follow the link in order to get more details about a service.
service | description | link |
---|---|---|
POST /oauth20/scopes | Registers a new scope. | 6.3.1.1 |
GET /oauth20/scopes | Lists all registered scopes. | 6.3.1.2 |
GET/oauth20/scopes/[scope] | Returns details about a specific scope. | 6.3.1.3 |
PUT /oauth20/scopes/[scope] | Updates a scope. | 6.3.1.4 |
DELETE /oauth20/scopes/[scope] | Deletes a scope. | 6.3.1.5 |
POST/oauth20/applications | Registers a new client application. | 6.3.2.1 |
GET/oauth20/applications | Lists all registered client applications. | 6.3.2.3 |
GET/oauth20/applications/[client_id] | Returns details about a specific client application. | ?? |
PUT/oauth20/applications/[client_id] | Updates a client application. | 6.3.2.5 |
POST/oauth20/tokens/revoke | Revokes an access token. | 6.3.3 |
GET/oauth20/tokens/validate | Validates an access token. | 6.3.4 |
6.3.1 Scope services
This chapter describes all available services in the ApiFest OAuth 2.0 Server related to scopes.6.3.1.1 Register a scope
In order to register a scope, use the following service:
POST /oauth20/scopes
Content-Type: application/json
{"scope":[scope name],"description":[description],"cc_expires_in":[client credentials tokens expiration time in seconds], "pass_expires_in":[password tokens expiration time in seconds], "refresh_expires_in":[refresh tokens expiration time in second]}
Content-Type: application/json
{"scope":[scope name],"description":[description],"cc_expires_in":[client credentials tokens expiration time in seconds], "pass_expires_in":[password tokens expiration time in seconds], "refresh_expires_in":[refresh tokens expiration time in second]}
Below is an example request/response.
Request:
POST http://127.0.0.1:8080/oauth20/scopes
Content-Type: application/json
{
"scope": "basic",
"description": "basic scope",
"cc_expires_in": 1800,
"pass_expires_in": 900,
"refresh_expires_in": 3600
}
Content-Type: application/json
{
"scope": "basic",
"description": "basic scope",
"cc_expires_in": 1800,
"pass_expires_in": 900,
"refresh_expires_in": 3600
}
Response:
Status Code: 200 OK
Content-Type: application/json
{"status":"scope successfully stored"}
Content-Type: application/json
{"status":"scope successfully stored"}
You can see more details in chapter 4.3.
6.3.1.2 List all registered scopes
In order to list all registered scopes, use the following service:GET /oauth20/scopes
Below is an example request/response.
Request:
GET http://127.0.0.1:8080/oauth20/scopes
Response:
Status Code: 200 OK
Content-Type: application/json
[
{
"description": "basic scope",
"cc_expires_in": 1800,
"pass_expires_in": 900,
"scope": "basic",
"refresh_expires_in": 3600
},
{
"description": "extended scope",
"cc_expires_in": 300,
"pass_expires_in": 120,
"scope": "extended",
"refresh_expires_in": 600
}
]
Content-Type: application/json
[
{
"description": "basic scope",
"cc_expires_in": 1800,
"pass_expires_in": 900,
"scope": "basic",
"refresh_expires_in": 3600
},
{
"description": "extended scope",
"cc_expires_in": 300,
"pass_expires_in": 120,
"scope": "extended",
"refresh_expires_in": 600
}
]
6.3.1.3 Get details about a scope
In order to get the details about a scope, you can use the following service:GET /oauth20/scopes/[scope]
where scope is the name of the scope.
Below is an example request/response.
Request:
GET http://127.0.0.1:8080/oauth20/scopes/extended
Response:
{
"description": "extended scope",
"cc_expires_in": 300,
"pass_expires_in": 120,
"scope": "extended",
"refresh_expires_in": 600
}
"description": "extended scope",
"cc_expires_in": 300,
"pass_expires_in": 120,
"scope": "extended",
"refresh_expires_in": 600
}
6.3.1.4 Update a scope
In order to update a scope, you can use the following service:
PUT /oauth20/scopes/[scope]
Content-Type: application/json
{"description":[description],"cc_expires_in":[client credentials tokens expiration time in seconds], "pass_expires_in":[password tokens expiration time in seconds], "refresh_expires_in":[refresh tokens expiration time in second]}
Content-Type: application/json
{"description":[description],"cc_expires_in":[client credentials tokens expiration time in seconds], "pass_expires_in":[password tokens expiration time in seconds], "refresh_expires_in":[refresh tokens expiration time in second]}
Below is an example request/response.
Request:
PUT http://127.0.0.1:8080/oauth20/scopes
Content-Type: application/json
{"description":"new basic scope description"}
Content-Type: application/json
{"description":"new basic scope description"}
Response:
Status Code: 200 OK
Content-Type: application/json
{"status":"scope successfully updated"}
Content-Type: application/json
{"status":"scope successfully updated"}
6.3.1.5 Delete a scope
In order to delete a scope, you can use the following service:DELETE /oauth20/scopes/[scope]
where scope is the name of the registered scope.
Below is an example request/response.
Request:
DELETE http://127.0.0.1:8080/oauth20/scopes/extended
Response:
Status Code: 200 OK
Content-Type: application/json
{"status":"scope successfully deleted"}
Content-Type: application/json
{"status":"scope successfully deleted"}
You cannot delete a scope if it is assigned to an active client application.
If you try to delete a scope that is assigned to a client application, then the following response will be returned:
Status Code: 200 OK -> should be Bad Request??
Content-Type: application/json
{"status":"scope cannot be deleted, there are client apps registered with it"}
Content-Type: application/json
{"status":"scope cannot be deleted, there are client apps registered with it"}
6.3.2 Client application services
This chapter describes all available services in the ApiFest OAuth 2.0 Server related to client applications.6.3.2.1 Register a client application
In order to register a client application, you can use the following service:
POST /oauth20/applications
Content-Type: application/json
{"name":[client application name],"description":[description],"scope":[scope], "redirect_uri":[redirect uri], "details":[refresh tokens expiration time in second],"client_id":[client id],"client_secret":[client secret]}
Content-Type: application/json
{"name":[client application name],"description":[description],"scope":[scope], "redirect_uri":[redirect uri], "details":[refresh tokens expiration time in second],"client_id":[client id],"client_secret":[client secret]}
Below is an example request/response.
Request:
POST http://127.0.0.1:8080/oauth20/applications
Content-Type: application/json
{
"name": "test_app",
"description": "test client app",
"scope": "test_scope",
"redirect_uri": "http://127.0.0.1:8080"
}
"name": "test_app",
"description": "test client app",
"scope": "test_scope",
"redirect_uri": "http://127.0.0.1:8080"
}
Response:
Status Code: 200 OK
Content-Type: application/json
{
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838"
}
Content-Type: application/json
{
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838"
}
Note, a predefined client_id and client_secret could be passed to the service so the registered client application will use them. That could be used for migration purposes. The pattern for client_id is [a-f[0-9]]+ as the client_id is a hash value, it can contain only letters from a to f and digits.
Below is an example request/response.
Request:
POST http://127.0.0.1:8080/oauth20/applications
Content-Type: application/json
{
"name": "test_app",
"description": "test client app",
"scope": "test_scope",
"redirect_uri": "http://127.0.0.1:8080",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838"
}
Content-Type: application/json
{
"name": "test_app",
"description": "test client app",
"scope": "test_scope",
"redirect_uri": "http://127.0.0.1:8080",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838"
}
Response:
Status Code: 200 OK
Content-Type: application/json
{
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838"
}
Content-Type: application/json
{
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838"
}
6.3.2.2 Activate/Deactivate a client application
By default, when a client application is registered its status is inactive and it couldn't be used.In order to activate a client application, use the following request:
PUT /oauth20/applications/[client_id]
Content-Type:application/json
{"status":[status]}
where client_id is the client id of the client application and status is the new status of the client application - 0 - means the client application is deactivated, 1 - the client application is activated.Content-Type:application/json
{"status":[status]}
Below is an example request/response.
Request:
PUT http://127.0.0.1:8080/oauth20/applications/b9db6d84dc98a895035e68f972e30503d3c724c8
Content-Type: application/json
{"status":1}
where status 1 is active, 0 - inactive.Content-Type: application/json
{"status":1}
Response:
Status Code: 200 OK
Content-Type: application/json
{"status":"client application updated"}
Content-Type: application/json
{"status":"client application updated"}
6.3.2.3 List all registered client applications
You can list all registered client applications by using the following service:
GET /oauth20/applications
Below is an example request/response.Request:
GET http://127.0.0.1:8080/oauth20/applications
Response:
Status Code: 200 OK
[
{
"name": "test2_app",
"description": "test 2 client app",
"client_id": "e523d42ce29f66235c6356f546e7f1262183626e",
"client_secret": "ec859edc5430e601ffb98892413a2b51aca32f13eb2c4353717d7849594acac7",
"scope": "test_scope",
"registered": "Sun May 10 16:10:03 EEST 2015",
"redirect_uri": "http://127.0.0.1:8080",
"status": 0
},
{
"name": "test_app",
"description": "test client app",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838",
"scope": "test_scope",
"registered": "Thu May 07 15:01:40 EEST 2015",
"redirect_uri": "http://127.0.0.1:8080",
"status": 1
}
]
[
{
"name": "test2_app",
"description": "test 2 client app",
"client_id": "e523d42ce29f66235c6356f546e7f1262183626e",
"client_secret": "ec859edc5430e601ffb98892413a2b51aca32f13eb2c4353717d7849594acac7",
"scope": "test_scope",
"registered": "Sun May 10 16:10:03 EEST 2015",
"redirect_uri": "http://127.0.0.1:8080",
"status": 0
},
{
"name": "test_app",
"description": "test client app",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838",
"scope": "test_scope",
"registered": "Thu May 07 15:01:40 EEST 2015",
"redirect_uri": "http://127.0.0.1:8080",
"status": 1
}
]
6.3.2.4 List all active/inactive client applications
You can list all client applications filtered by their status (active or inactive) using a query parameter to the service for listing client applications.
GET /oauth20/applications?status=[status]
where status is the status of the client application - 0 - inactive, 1 - active.Here is an example request/response that lists all active client applications.
Request:
GET http://127.0.0.1:8080/oauth20/applications?status=1
Response:
Content-Type: application/json
[
{
"name": "test_app",
"description": " test client app",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838",
"scope": "test_scope",
"registered": "Thu May 07 15:01:40 EEST 2015",
"redirect_uri": "http://10.46.16.93:8080",
"status": 1
}
]
[
{
"name": "test_app",
"description": " test client app",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"client_secret": "105ef93e7bb386da3a23c32e8563434fad005fd0a6a88315fcdf946aa761c838",
"scope": "test_scope",
"registered": "Thu May 07 15:01:40 EEST 2015",
"redirect_uri": "http://10.46.16.93:8080",
"status": 1
}
]
Here is an example request/response that lists all inactive client applications.
Request:
GET http://127.0.0.1:8080/oauth20/applications?status=0
Response:
Status Code: 200 OK
Content-Type: application/json
[
{
"name": "test2_app",
"description": "test 2 client app",
"client_id": "e523d42ce29f66235c6356f546e7f1262183626e",
"client_secret": "ec859edc5430e601ffb98892413a2b51aca32f13eb2c4353717d7849594acac7",
"scope": "test_scope",
"registered": "Sun May 10 16:10:03 EEST 2015",
"redirect_uri": "http://127.0.0.1:8080",
"status": 0
}
]
Content-Type: application/json
[
{
"name": "test2_app",
"description": "test 2 client app",
"client_id": "e523d42ce29f66235c6356f546e7f1262183626e",
"client_secret": "ec859edc5430e601ffb98892413a2b51aca32f13eb2c4353717d7849594acac7",
"scope": "test_scope",
"registered": "Sun May 10 16:10:03 EEST 2015",
"redirect_uri": "http://127.0.0.1:8080",
"status": 0
}
]
6.3.2.5 Update a client application
A registered client application details could be updated using the following request:
PUT /oauth20/applications/[client_ id]
where client_id is the client id of the client application.Here is an example request/response.
Request:
PUT http://127.0.0.1:8080/oauth20/applications/b9db6d84dc98a895035e68f972e30503d3c724c8
Content-Type: application/json
{
"description": "updated descr",
"scope": "test_scope",
"application_details": {
"division": "IT",
"organization": "MM"
}
}
Content-Type: application/json
{
"description": "updated descr",
"scope": "test_scope",
"application_details": {
"division": "IT",
"organization": "MM"
}
}
Response:
Status Code: 200 OK
Content-Type: application/json
{"status":"client application updated"}
Content-Type: application/json
{"status":"client application updated"}
You can update only the description, the scope, the application details and the status of a client application.
6.3.3 Access token revocation
An access token could be revoked using the following service:
POST /oauth20/tokens/revoke
Content-Type: application/json
{"access_token":[access_token],"client_id":[client_id]}
where access_token is the access token to be revoked, client_id is the client id of the client application the access token is issued for.Content-Type: application/json
{"access_token":[access_token],"client_id":[client_id]}
Here is an example request/response.
Request:
POST http://127.0.0.1:8080/oauth20/tokens/revoke
Content-Type: application/json
{
"access_token": "f48db3829c71b9dc4957e3bb7b804bd0d44db10a2b9e30346796c2d9e9f44722",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8"
}
Content-Type: application/json
{
"access_token": "f48db3829c71b9dc4957e3bb7b804bd0d44db10a2b9e30346796c2d9e9f44722",
"client_id": "b9db6d84dc98a895035e68f972e30503d3c724c8"
}
Response:
Status Code: 200 OK
Content-Type: application/json
{"revoked":"true"}
Content-Type: application/json
{"revoked":"true"}
6.3.4 Access token validation
One can check whether an access token is valid or not, using the following service:
GET /oauth20/tokens/validate?token=[access_token]
Here is an example request/response.
Request:
GET http://127.0.0.1:8080/oauth20/tokens/validate?token=f48db3829c71b9dc4957e3bb7b804bd0d44db10a2b9e30346796c2d9e9f44722
Response:
Status Code: 200 OK
Content-Type: application/json
{
"token": "f48db3829c71b9dc4957e3bb7b804bd0d44db10a2b9e30346796c2d9e9f44722",
"refreshToken": "fe45a6ea3d7a0f2cacc864523ab586551739bcbe1a167fe1d37edc6b004ad452",
"expiresIn": "120",
"type": "Bearer",
"scope": "test_scope",
"valid": true,
"clientId": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"codeId": "",
"userId": "12345",
"created": 1432542201299,
"refreshExpiresIn": "300"
}
Content-Type: application/json
{
"token": "f48db3829c71b9dc4957e3bb7b804bd0d44db10a2b9e30346796c2d9e9f44722",
"refreshToken": "fe45a6ea3d7a0f2cacc864523ab586551739bcbe1a167fe1d37edc6b004ad452",
"expiresIn": "120",
"type": "Bearer",
"scope": "test_scope",
"valid": true,
"clientId": "b9db6d84dc98a895035e68f972e30503d3c724c8",
"codeId": "",
"userId": "12345",
"created": 1432542201299,
"refreshExpiresIn": "300"
}
Here is an example request/response when the access token is invalid (expired or never issued).
Request:
GET http://127.0.0.1:8080/oauth20/tokens/validate?token=f48db3829c71b9dc4957e3bb7b804bd0d44db10a2b9e30346796c2d9e9f44722
Response:
Status Code: 401 OK
Content-Type: application/json
{"error":"invalid access token"}
Content-Type: application/json
{"error":"invalid access token"}