
Are there any practical ways to limit APIs from being invoked by applications outside of working hours or days in WSO2 API Manager or WSO2 Integrator Studio?

Some services in my company need to be called during working hours, and I have to disable them when no one is working.

ycr
Ehsan

2 Answers


There are a few options. You can create and engage a Sequence to reject the message based on the day or time, something similar to the one below. The following example will reject messages coming in on the weekend, or after 5 PM or before 8 AM each day. But this will be an overhead on the service.

<?xml version="1.0" encoding="UTF-8"?>
<sequence name="WeekEndChecker" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
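    <!-- SYSTEM_DATE is formatted on the gateway host, so day and hour follow that server's locale and time zone -->
    <property expression="get-property('SYSTEM_DATE', 'EEEEE')" name="day" scope="default" type="STRING"/>
    <property expression="get-property('SYSTEM_DATE', 'HH')" name="hour" scope="default" type="STRING"/>
    <!-- Allow Monday to Friday from 08:00 up to, but not including, 17:00 (hour 17 is already after 5 PM) -->
    <filter xpath="$ctx:day != 'Saturday' and $ctx:day != 'Sunday' and 17 > number($ctx:hour) and number($ctx:hour) >= 8">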
        <then>
            <log>
                <property name="MSG" value="Allowed to Access"/>
            </log>
        </then>
        <else>
            <property name="HTTP_SC" scope="axis2" type="STRING" value="401"/>
            <payloadFactory media-type="xml">
                <format>
                    <Error xmlns="">You are not allowed to access this service during the off hours.</Error>
                </format>
                <args/>
            </payloadFactory>
            <respond/>
        </else>
    </filter>
</sequence>

Another option is that in API Manager you can change the state of the API to a state like Blocked during the off hours. You can probably automate this process using the apictl, check this.

In the same way, in MI you can deactivate Proxy services; you can use the mi CLI for this. Check here.

ycr

In addition to options like the custom sequence and blocking the API, there are other options available.

  1. Custom Handler

You can write a custom handler and inject it into an API based on API properties. In that case, the API developer will define some properties for the API under API properties and, based on those, we can inject the custom handler for the API. The custom handler has the logic which you want to handle.

Please refer to https://apim.docs.wso2.com/en/latest/reference/customize-product/extending-api-manager/extending-gateway/writing-custom-handlers/#writing-a-custom-handler

  2. Global Synapse Handler

We can write a single handler and apply this handler globally to all the APIs. Here, too, you can write any logic and prevent users from accessing the API.

You can read about Synapse Handlers in https://apim.docs.wso2.com/en/latest/integrate/develop/customizations/creating-synapse-handlers/#what-is-a-synapse-handler

A sample Synapse handler can be found in https://medium.com/api-integration-essentials/wso2-api-manager-3-0-how-to-add-a-custom-synapse-log-handler-to-log-api-related-transactions-24c418f03303

Pubci
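
The allow/deny decision that a custom or global handler like those described above could delegate to, as an added example rather than code from the answers or from WSO2: it pins the time zone explicitly and treats the window as half-open, so 17:00 itself is rejected. The class name `WorkingHoursPolicy`, the zone `Europe/Berlin` and the sample instants are assumptions constructed for illustration.

```java
import java.time.DayOfWeek;
import java.time.Instant;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.EnumSet;
import java.util.Set;

// Hypothetical helper (not a WSO2 class): the check a handler's request-in method could call.
public final class WorkingHoursPolicy {
    private final ZoneId zone;            // business time zone, independent of the server's default
    private final LocalTime open;         // inclusive
    private final LocalTime close;        // exclusive
    private final Set<DayOfWeek> workDays;

    public WorkingHoursPolicy(ZoneId zone, LocalTime open, LocalTime close, Set<DayOfWeek> workDays) {
        if (!open.isBefore(close)) {
            throw new IllegalArgumentException("open must be before close");
        }
        this.zone = zone;
        this.open = open;
        this.close = close;
        this.workDays = EnumSet.copyOf(workDays);
    }

    // True only when 'now', converted to the business zone, is on a work day within [open, close).
    public boolean isAllowed(Instant now) {
        ZonedDateTime local = now.atZone(zone);
        LocalTime t = local.toLocalTime();
        return workDays.contains(local.getDayOfWeek()) && !t.isBefore(open) && t.isBefore(close);
    }

    public static void main(String[] args) {
        // Assumed zone; the 08:00-17:00, Monday-Friday window is the one from the sequence above.
        WorkingHoursPolicy policy = new WorkingHoursPolicy(ZoneId.of("Europe/Berlin"),
                LocalTime.of(8, 0), LocalTime.of(17, 0),
                EnumSet.range(DayOfWeek.MONDAY, DayOfWeek.FRIDAY));
        // Constructed sample instants in UTC; Berlin is UTC+1 on these dates.
        String[] samples = {
            "2024-03-04T07:00:00Z",  // Monday 08:00 local, first allowed second
            "2024-03-04T15:59:59Z",  // Monday 16:59:59 local
            "2024-03-04T16:00:00Z",  // Monday 17:00 local, window already closed
            "2024-03-08T23:30:00Z",  // Friday in UTC but Saturday 00:30 local
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (policy.isAllowed(Instant.parse(s)) ? "allow" : "deny"));
        }
    }
}
```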