Step 1: The Dataporten API Gatekeeper

Protecting an API with an OAuth provider is not that complex. However, you also have to add federated authentication to the provider, and then an easy-to-use self-service portal where third-party clients can register, which needs to be federated as well. Add policy management and workflow into the mix, and you want to do all of this for every API across your organization. You will need to build something like Dataporten, or simply let Dataporten help you. Here’s how.

We already have an API, and we want to implement handling of trusted requests from Dataporten.

A trusted request from Dataporten is passed on from an authenticated client and an authenticated user of the Dataporten platform. It looks like this:

GET /yourapi/something HTTP/1.1 
Accept: application/json, text/javascript, */*; q=0.01 
Authorization: Basic Zm0OmEyZDYzMzUmVpZGVjb25uZWN0OmEyZDYzMzU3LZmVpjb25uZWN0OmEyZDYzMzU3L== 
X-feideconnect-clientid: 610cbba7-3985-45ae-bc9f-0db0e36f71ad 
X-feideconnect-userid-sec: feide:andreas@uninett.no 
X-feideconnect-userid: 76a7a061-3c55-430d-8ee0-6f82ec42501f 
X-feideconnect-groups: ldap:uninett.no:AVD-U20,ldap:uninett.no,adhoc:2d7310f0-55f1-452c-af8c-e40e7e8436db
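
One way a backend API could handle such a request, as an added example that is not code from Dataporten or from the original page: the X-feideconnect-* headers are believed only after the Basic credentials on the same request have been verified. The username, the password and the function names are assumptions; the sample request is constructed from the header values shown above.

```python
import base64
import binascii
import hmac

# Assumed values: the credential pair the gatekeeper is configured to send.
EXPECTED_USER = "dataporten"
EXPECTED_PASSWORD = "constructed-shared-secret"
PREFIX = "x-feideconnect-"


def verify_gatekeeper_request(headers):
    """Return the gatekeeper context, or None when the request is not trusted."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    scheme, _, blob = h.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    # Constant-time comparison of both parts; both are always evaluated.
    ok_user = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    if not (sep and ok_user and ok_pass):
        return None
    # Only now are the identity headers treated as statements from the gatekeeper.
    return {
        "client_id": h.get(PREFIX + "clientid"),
        "user_id": h.get(PREFIX + "userid"),
        "user_id_sec": h.get(PREFIX + "userid-sec"),
        "groups": [g for g in h.get(PREFIX + "groups", "").split(",") if g],
    }


def sample_headers(password, user=EXPECTED_USER):
    """Constructed request headers, using the header values from the example above."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {
        "Authorization": "Basic " + token,
        "X-feideconnect-clientid": "610cbba7-3985-45ae-bc9f-0db0e36f71ad",
        "X-feideconnect-userid-sec": "feide:andreas@uninett.no",
        "X-feideconnect-userid": "76a7a061-3c55-430d-8ee0-6f82ec42501f",
        "X-feideconnect-groups": "ldap:uninett.no:AVD-U20,ldap:uninett.no,"
                                 "adhoc:2d7310f0-55f1-452c-af8c-e40e7e8436db",
    }
```

A request that carries X-feideconnect-* headers without valid Basic credentials yields `None`, so a client that reaches the API directly cannot assert an identity by setting those headers itself.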