These are some of the things wicked.haufe.io could do for you.
Use Mashape Kong to protect and proxy your backend APIs, securing them via API Keys or OAuth 2.0 Client Credentials flow.
Using Mashape Kong's rich functionality, implement rate limiting for your APIs, wherever needed.
Whatever Mashape Kong can do, you may configure it using the wicked Kickstarter application.
Let your users sign up with their email address and a password. Email addresses will be automatically validated by sending out verification emails.
Integrate the login process with your own ADFS 3.0 or generic OAuth2 identity provider.
You may also configure authenticating both for the Portal and for your APIs via SAML, GitHub, Google or Twitter out of the box.
Define custom user groups and assign those groups to users in order to limit access to specific APIs to specific groups. The Admin group can also be assigned.
The content section also supports group based access, e.g. to How-tos or tutorials.
Users with a verified email address can be automatically assigned a user group, and ADFS groups may be mapped automatically to wicked user groups.
API definitions can be associated with subscription plans, which can carry additional settings, e.g. different rate limits for different users.
In order to subscribe to an API, a user needs to create an application (which is the client of the API); APIs are coupled with applications, not users.
Applications can be shared among users, using different roles on the application: Admin/Owner, Collaborator and Reader.
By assigning Owner rights to an application to a different user, applications can be handed over to different developers/users without recreating them.
wicked makes it easier to configure the API Gateway correctly. The Kickstarter helps configuring e.g. Rate Limiting or CORS.
Using the wicked command line interface, trying out configuration changes or running the portal for development purposes is super simple.
Out of the box, wicked enables fast securing of your API using API Key authentication
Wicked comes with a default Authorization Server which supports federating any authentication method to OAuth 2.0
In order to view the APIs in more detail, wicked has integrated Swagger UI, with configurable direct access to the backend services.
API Plans can be configured to require approval of subscription; you will be sent an email to a predefined email address to the approval request.
wicked can post interesting events (you decide which are interesting) to either a Rocket.Chat or a Slack Chat instance. Just register a Hook URL with Slack, and configure it for wicked.
The entire APIm solution is deployed using docker; everything runs in docker, enabling deployments to whatever infrastructure supports it.
By leveraging the functionality of your chosen container orchestrator, the user-facing components of wicked (Portal, API, Authorization Server can be deployed highly available
Behind the scenes, wicked uses battle-proven, enterprise grade API Gateway KONG by Mashape. Open Source does not get much better than that.
wicked runs very well on the docker orchestration tool Kubernetes; the documentation contains recipes and best practices on running in Kubernetes, using Helm Charts
The wicked Authorization Server keeps track user scope grants to applications automatically. It also provides a way to review granted access.
The styling, colors and images can be customized to reflect your own corporate image.
Wicked and Kong store all runtime configuration (applications, users) in the best open source database available, Postgres.
For production environments, configure wicked to use an existing Postgres instance. You can also use an external redis instance (or the shipped one) for session handling and rate limiting.
|For full documentation, head over to the GitHub repository of wicked.haufe.io.