These are some of the things wicked.haufe.io could do for you.
Use Mashape Kong to protect and proxy your backend APIs, securing them via API Keys or OAuth 2.0 Client Credentials flow.
Using Mashape Kong's rich functionality, implement rate limiting for your APIs, wherever needed.
Whatever Mashape Kong can do, you may configure it using the wicked Kickstarter application.
Let your users sign up with their email address and a password. Email addresses will be automatically validated by sending out verification emails.
Integrate the login process with your own ADFS 3.0 server. Register the API portal with ADFS and use your local users.
You may also configure signup and login using OAuth2 with GitHub and/or Google. These identities will be treated as 'verified' automatically.
Define custom user groups and assign those groups to users in order to limit access to specific APIs to specific groups. The Admin group can also be assigned.
The content section also supports group based access, e.g. to How-tos or tutorials.
Users with a verified email address can be automatically assigned a user group, and ADFS groups may be mapped automatically to wicked user groups.
API definitions can be associated with subscription plans, which can carry additional settings, e.g. different rate limits for different users.
In order to subscribe to an API, a user needs to create an application (which is the client of the API); APIs are coupled with applications, not users.
Applications can be shared among users, using different roles on the application: Admin/Owner, Collaborator and Reader.
By assigning Owner rights to an application to a different user, applications can be handed over to different developers/users without recreating them.
wicked makes it easier to configure the API Gateway correctly. The Kickstarter helps configuring e.g. Rate Limiting or CORS.
Out of the box, wicked enables fast securing of your API using API Key authentication or OAuth 2 Client Credentials Flow. Other OAuth2.0 flows using custom components.
In order to view the APIs in more detail, wicked has integrated Swagger UI, with configurable direct access to the backend services.
API Plans can be configured to require approval of subscription; you will be sent an email to a predefined email address to the approval request.
wicked can post interesting events (you decide which are interesting) to either a Rocket.Chat or a Slack Chat instance. Just register a Hook URL with Slack, and configure it for wicked.
The entire APIm solution is deployed using docker; everything runs in docker, enabling deployments to whatever infrastructure supports it.
By using docker-compose, the deployment of your API Management solution can be easily scaled to use multiple instances of Kong, behind a powerful HAproxy. All pre-configured for you to use.
Behind the scenes, wicked uses battle-proven, enterprise grade API Gateway KONG by Mashape. Open Source does not get much better than that.
wicked runs very well on the docker orchestration tool Kubernetes; the documentation contains recipes and best practices on running in Kubernetes, using Helm Charts
Plug in your own authorization server using a simplified OAuth 2.0 interface provided by the Kong Adapter (part of wicked). Enable authentication via any Identity Provider.
Sample implementations for Authorization Servers based on SAML or for Google, Github, Facebook and Twitter are provided.
|For full documentation, head over to the GitHub repository of wicked.haufe.io.|