-
Notifications
You must be signed in to change notification settings - Fork 14
02: Integrating Moesif and Your Gateway
The Moesif Developer Portal can be used with a running instance of Kong.
To integrate Moesif and Kong, you can follow our guide that covers integrating Moesif and Kong in detail. Alternatively, you can also check out our integration documentation for Kong if you’re already an experienced Kong user. Once you have the integration set, you’ll be ready to move to the next step in the Moesif Developer Portal setup process.
This next step will require you to set up an endpoint in Kong. If you already have an endpoint created, feel free to skip ahead to the next step in the guide.
If you are using Kong Manager, you can create the endpoint by clicking Services in the left-side menu, under the API Gateway section. On the Services page, click the New Service button in the top-right corner to add a new service.
On the Create Service page, You will need to fill out the Name and, after selecting the Add using URL option, the URL field. For this example, you can fill them out with the following values:
Name: HttpBin
URL: https://www.httpbin.org
Once populated, click Create to create the service. After this, you’ll see your new services viewing page.
Next, we will create a route that will expose this service. To do this, click on Routes in the left-side menu, which is also under the API Gateway section.
On the Routes page, click on the Create Route button in the top-right corner of the screen to add the new route. On the Create Route screen, you’ll have a few values to fill out including the Service, Name, Protocols, Method(s), and Path(s) fields on the screen. For this example, you can fill out these fields with the following values:
Service: Choose the Service you just created, HttpBin
Name: TestService
Protocols: http, https
Method(s): GET
Path(s): /test-service
Once populated, click Create to create the route. After this, you’ll see your new routes viewing page. With the endpoint creation complete, we can now move on to testing it to ensure it is configured correctly.
To test your newly created endpoint, you’ll want to use a tool like Postman or Insomnia. Alternatively, you could also just use a browser at this point too. In your tool, add your endpoint URL which will look like {KONG_URL}:PORT/test-service/ and send a GET request. If you are running Kong in Docker and have set up the endpoint as shown above, your URL will look like localhost:8000/test-service/.
After the request has been sent, you should see a 200 OK response as well as a response body containing the HttpBin contents (essentially a webpage). With our endpoint working, now let’s move on to securing it with an API key.
Our next step is to add the Key-Auth plugin to our Kong endpoint. For simplicity, we will enable this plugin globally but if in the future you want to only apply it to specific routes, you can do that.
In the Kong Manager Dashboard, you can add the plugin by clicking Plugins in the left-side menu, under the API Gateway section. On the Plugins page, you’ll click the New Plugin button to add a new plugin. On the Add New Plugin screen, you’ll find the Key-Authentication plugin by scrolling or searching, once found, click Enable.
On the Create new key-auth plugin screen, you’ll want to make sure that the This plugin is Enabled toggle is set to on, the Global radio button is selected, and that Config.Key Names field is set to apikey. By setting this to apikey we can pass a field of the same name in the header and include our API key as the value.
Lastly, to save our plugin configuration, scroll down to the bottom of the screen and click Create. Now, our endpoint will be secured by the kay-auth plugin. To test it out, resend the request from earlier and you should get a 401 Unauthorized response, and a message body stating No API key found in request. If you are not getting this response, please refer to the Kong documentation for key-auth.
The Moesif Developer Portal can be used with a running instance of AWS API Gateway.
To integrate Moesif and AWS API Gateway, you can follow our guide that covers integrating Moesif and AWS API Gateway in detail. Alternatively, you can also check out our integration documentation for Tyk if you’re already an experienced AWS user. Once you have the integration set, you’ll be ready to move to the next step in the Moesif Developer Portal setup process.
Before proceeding, you'll also need to make sure that you've set up an API endpoint within AWS API Gateway and added the custom Authorizer covered below.
We will add a custom Lambda Authorizer to our AWS API Gateway endpoint. Our first step is to enter the dev-portal-authorizer project in the Moesif Developer Portal. Once you have the project opened in a terminal pointing to the dev-portal-authorizer directory, do the following:
Run npm install to install the project's dependencies.
After the dependencies are installed, zip up the project using npm run zip. From this command, an authorizer.zip file will be created in the root directory of the authorizer project.
- Next, log into AWS Lambda and from the main page click Create function in the top-right corner. From here, you’ll do the following:
- On the Create function screen:
- Select Author from scratch
- Set the Function name field as
Auth0Authorizer - Choose
Node.js 18.xas the Runtime andx86_64as the Architecture - Everything else can stay as the default and then you’ll click Create function
- On the Auth0Authorizer screen, under Code source, click the Upload from dropdown and select .zip file.
- In the modal that appears, either drop your .zip file onto it or select it from the file explorer by clicking the Upload button. Then click Save to load the .zip code.
In AWS API Gateway, we will create the Authorizer by clicking on Authorizers in the left-side menu. On the Authorizers screen, we will do the following:
- Click Create New Authorizer
- Add our Name as
Auth0_Authorizer - Select the type as
Lambda - Set the Lambda Event Payload as
Token - Set the Token Source as
Authorization - The rest of the fields can be left as their defaults, and you can click Create to create the Authorizer.
Next, we will add the Authorizer by going to Resources in the left-side menu, clicking on our endpoint, and bringing up the Method Execution screen. On this screen, do the following:
- Click on Method Request
- Under Settings > Authorizer, click the Edit (pencil) icon and select
Auth0_Authorizer. Click the checkmark to save the setting. - Make sure that API Key Required is set to
false
Lastly, select the appropriate stage from the list at Stages in the left-side menu. In the Stage Editor screen, click on the Logs/Tracing tab. Under Custom Access Logging > Log Format, paste in the log format from the my-dev-portal-authorizer/aws-config/CustomAccessLogging_LogFormat.json file. The key here is that the "principalId": "$context.authorizer.principalId" formatter is included to ensure that the Stripe data is correctly attributed to the request in Moesif.
The Moesif Developer Portal can be used with a running instance of Tyk.
To integrate Moesif and Tyk, you can follow our guide that covers integrating Moesif and Tyk in detail. Alternatively, you can also check out our integration documentation for Tyk if you’re already an experienced Tyk user. Once you have the integration set, you’ll be ready to move to the next step in the Moesif Developer Portal setup process.
This next step will require you to set up an endpoint in Tyk. If you already have an endpoint created, feel free to skip ahead to the next step in the guide.
If you are using the Tyk Dashboard, you can create the endpoint by following these steps:
Log in to Tyk Dashboard:
If you already have an account, log in to the Tyk Dashboard. If not, sign up for an account to get started.
Create a New API:
- Navigate to the dashboard's main page.
- Click on the APIs section, located in the main navigation menu.
- Click the Add New API button to begin the API creation process.
API Details:
- Enter a suitable API Name, such as
TestService. - Under Type, select HTTP.
- Fill in the Upstream URL field with the URL of the service you want to expose. For this example, use
http://www.httpbin.org.
Select + Configure API to explore some more advanced configuration settings.
API Configuration:
- Under Listen path, set the listen path to whatever you would like, we will be setting it to /test-service/. Unselect strip the listen path
- Choose whether to enable SSL/TLS encryption for the API in the Enable SSL/TLS field.
- Specify supported protocols in the API Protocol field, such as
http, https. - Set allowed HTTP methods in the Allowed HTTP Methods field. Choose
GETfor this case. - Under Authentication, we will want to set the Authentication Mode to Authentication Token. Under Authentication Token > Auth Key Header Name, type Authorization. If you would like to test your endpoint without any authentication you can set this to Open (Keyless). This is assumed in the next testing step.
Save Changes:
- After completing the necessary fields and configuring API settings, save the changes by clicking the Save button.
With these steps completed, your endpoint should now be set up in the Tyk Dashboard.
To test your newly created endpoint, you’ll want to use a tool like Postman or Insomnia. Alternatively, you could also just use a browser at this point too. In your tool, add your endpoint URL which will look like {TYK_URL}:PORT/test-service/ and send a GET request. If you are running Tyk in Docker and have set up the endpoint as shown above, your URL will look like localhost:8080/test-service/.
After the request has been sent, you should see a 200 OK response as well as a response body containing the HttpBin contents (essentially a webpage). With our endpoint working, now let’s move on to securing it with an API key.
Ensure that you have set the Authentication Mode to Authentication Token within your API configuration for your endpoint. Under Authentication Token > Auth Key Header Name, type Authorization.