Subscribed 2017: Tips For Working With Zuora’s New API Gateway
Download as PPTX, PDF0 likes862 views
The document outlines tips for working with Zuora's new API gateway, detailing its purpose, functions, and architecture. It highlights features like OAuth authentication, attribute-based access control, and the modular design that enhances system access and monitoring. The content also provides practical guidance on obtaining API credentials, making authenticated calls, and managing user permissions.
Subscribed 2017: Tips For Working With Zuora’s New API Gateway
- 2. ≈ Tips for Working with Zuora’s New API Gateway Scott Ellis Manager, Software Engineering, Zuora
- 3. content review page 03 01introduction A little bit about me, the development team, and the API Gateway project 03UI and SSO Authentication via a browser and Single Sign On 02working with the APIHow to obtain credentials, authenticate, and make API calls 04 permissions Understanding ABAC and controlling user permissions
- 4. hello page 04 Welcome! My name is Scott Ellis, Engineering Manager for the API Gateway project. I work remotely from Australia with a team of developers based mainly in Beijing, San Diego, and our HQ in San Mateo. The team.
- 5. overview of the API Gateway page 05 purpose Consolidate and protect API access Built on tested open-source and open standards for interoperability Ensures our APIs are your APIs functionality Create OAuth client id and client secret pairs for API access and Bearer tokens for users Other OAuth and SAML flows can be utilized for authentication through the UI and SSO Helps monitor the health of our systems and exploit all the benefits of our more modular architecture components Routing - responsible for routing as well as request rate and data volume limiting, logging and monitoring Authentication - acts as an identity provider and supports open standards such as OAuth and SAML for SSO Authorization - enables Attribute Based Access Control (ABAC)
- 6. architecture page 06 Gateway Authentication Authorization Micro- service Micro- service Micro- service Micro- service 2) API Call 1) Authenticate 3) Response
- 7. page 07 Watch the Demo! Make an Authenticated API Call Through the API Gateway Create credentials Obtain a token Call API
- 8. summary page 08 Create different client credentials for each use case Leverage existing OAuth libraries Be prepared for token expiration API calls.
- 9. architecture page 09 Gateway Authentication Authorization Micro-service Micro-service Micro-service Micro-service 2) API Call 1) Authenticate 3) Response
- 10. page 010 Watch the Demo! Authentication for Your Own UI Application Register Application User grants access UI presents API data
- 11. summary page 011 Register applications, SSO Access all our APIs with the authenticated user’s permissions SOA lets us move fast – expect more soon UI authentication.
- 12. architecture page 012 Gateway Authentication Authorization Micro- service Micro- service Micro- service Micro- service 2) API Call 1) Authenticate 3) Response
- 13. page 013 Watch the Demo! Permissions in Action View and set permissions Resource access ABAC and Policies
- 14. summary page 014 Controlling access to features ABAC is a superset of RBAC More advanced use-cases permissions.
- 15. Q&A page 015
- 16. thank you.