HowTo – Apply an OAuth policy on a REST API

In the previous post in the “APIfy your integrations” series, we went through an API design-first approach to building integrations to back-end systems.

We defined the API specification using RAML, implemented the API by importing the RAML into Anypoint Studio and deployed the implementation to mule runtime in cloud or on-premise.

We are now ready to share the API with the developer community.

End-to-end OAuth for APIs in less than 5 minutes!

motif

How quickly can you enable OAuth on an API and allow for client applications to be rapidly built for them? With the new OAuth 2.0 policy that is now available with the Anypoint Platform for APIs, the answer is no more than five minutes! Have a look for yourself with the following viewlet:

Google, OAuth, and the Confused Deputy – A tale of Security

motif

It sounds like the title for a fantasy movie, but Google, OAuth and the “confused deputy” is a very common issue. Wikipedia defines a confused deputy as “a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation” (complete article here).

The Wikipedia article shares an example of a compiler exposed as a paid service.

Mule OAuth2 support: Even easier still

motif

This post is brought to you by… you! Yes, a couple of weeks back I was writing about how dealing with OAuth2 secured APIs got way easier since Mule’s August 2013 Release. We got such a great feedback that we decided to incorporate some of it in our latest October 2013 release.

 

 

Token Management vs. Token Nightmare

So let’s do a quick recap.

OAuth 2 just got a bit easier

motif

Ever since Devkit made its first entry into the Mule family, a big variety of OAuth enabled Cloud Connectors were made available. Salesforce, Facebook, Twitter, Dropbox, LinkedIn and Google Apps suite are just some examples of the APIs we’ve connected to using that support.

When we started thinking about the August 2013 release we decided to take it one step forward and make it easier than ever.

How to Protect Your APIs with OAuth

motif

On this 10th ‘Day of Christmas’ Mule blog post, we tackle an increasingly important question in the world of APIs: Presume that you would like to create a remote API (which perhaps exposes some legacy business logic) for access by internal and/or external clients. How can you make sure that access to your API is protected in such a way that:

A) Only clients that you trust can access them;

MS Office is so last year, Connect to Google Apps

motif

Google Apps offers a cloud alternative to many of the office products.  If you have a Gmail account then you have Google Apps including Spreadsheets, Docs, Presentations, Contacts, Calendars and Tasks.  Of course Google Apps have APIS and of course we have the connectors to make it easy to connect Google Apps and your applications together.  Lets get the connectors and then take a look at what you can do.

Introducing the Google Cloud Connectors Suite (Part 1/3)

motif

Mark Zuckerberg once said: “How can you connect the world if you leave out China”. Well, I now at this moment say: “How can you connect the cloud if you leave out Google.” I know I don’t have his net worth, but I have a point nevertheless. The reality is that Google has done a great job building a Gazillion of different and very cool APIs, and you’d be right to feel that it’s hard to keep their pace.