EFPF API Security Gateway User Guide

Accessing Service Registry via the API Security Gateway

The Data Spine Service Registry is accessible only through its secure proxy endpoint/route in the API Security Gateway.

The services/APIs registered in the Service Registry can be retrieved using the following endpoints:

  • Latest info: Connection Details page
  • EFPF Development environment: https://efpf-security-portal.salzburgresearch.at/apis/sr/
  • EFPF Testing environment: https://ds-test.smecluster.com/apis/sr/
  • EFPF Production environment: https://efpf.smecluster.com/apis/sr/

ASG Importer periodically updates the API-Gateway with the service endpoints defined the Service Registry.

In order to access the GET endpoint, the user should have sr_view scope, and for other HTTP methods, the user should have the sr_admin scope.

In the current implementation, users with efpf_basic role can view (GET operation) the services registered in the Service Registry.

Note : Only the users with the efpf_sr_admin or efpf_admin role can perform the admin operations (Create/Update/Delete operations on the Service Registry).

The following examples primarily contain the endpoints from the EFPF Development environment. To replace these, refer to the Connection Details page

View Service Registry

  • Get an access token for the user using the EFS Keycloak public client user-terminal
  • EFPF Development environment
curl --location --request POST 'https://efpf-security-portal.salzburgresearch.at/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=user-terminal' \
--data-urlencode 'username=replace_this_with_your_email_id@example.org' \
--data-urlencode 'password=replace_this_with_your_password'
  • EFPF Production environment
curl --location --request POST 'https://efpf.smecluster.com/auth/realms/efpf/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=user-terminal' \
--data-urlencode 'username=replace_this_with_your_email_id@example.org' \
--data-urlencode 'password=replace_this_with_your_password'
  • Access the Service Registry: retrieve all services
        curl -H 'Accept: application/json' -H "Authorization: Bearer replace_this_with_the_access_token" https://efpf-security-portal.salzburgresearch.at/apis/sr/

Example: Accessing Service Registry via API-Security-Gateway

Create (Register)/Update/Delete a service from the Service Registry

  • Get an access token for the user using the EFS Keycloak public client user-terminal
  • EFPF Development environment
curl --location --request POST 'https://efpf-security-portal.salzburgresearch.at/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=user-terminal' \
--data-urlencode 'username=replace_this_with_your_email_id@example.org' \
--data-urlencode 'password=replace_this_with_your_password'
  • EFPF Production environment
curl --location --request POST 'https://efpf.smecluster.com/auth/realms/efpf/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=user-terminal' \
--data-urlencode 'username=replace_this_with_your_email_id@example.org' \
--data-urlencode 'password=replace_this_with_your_password'
  • Register a new service to the Service Registry with the custom id test-service-1 or update an existing service with id test-service-1:
curl --location --request PUT 'https://efpf.smecluster.com/apis/sr/test-service-1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer replace_this_with_token' \
--data-raw '{
   "id": "test-service-1",
   "type": "efpf.testservice",
   "title": "Test Service from the EFPF platform",
   "description": "Test Service from the EFPF platform to be used as an example in the Data Spine Service Registry Quickstart Guide.",
   "meta": {},
   "apis": [{
      "id": "test-api-1",
      "title": "Test API 1",
      "description": "Some description",
      "url": "https://ds-test.smecluster.com/p1/exp/",
      "spec": {
         "mediaType": "application/vnd.oai.openapi+json;version=3.0",
         "url": "https://docs.efpf.linksmart.eu/projects/data-spine-nifi/apidoc/examples-swagger.json",
         "schema": {}
      },
      "meta": {}
   }],
   "doc": "https://docs.efpf.linksmart.eu/swagger-ui/?url=https://docs.efpf.linksmart.eu/projects/data-spine-nifi/apidoc/examples-swagger.json",
   "ttl": 600
}'
  • Delete an existing service from the Service Registry
curl --location --request DELETE 'https://efpf.smecluster.com/apis/sr/test-service-id-3' \
--header 'Authorization: Bearer replace_this_with_token'
  • Note : Only users with efpf_sr_admin can perform create/updates/delete operations on Service Registry

API Security Gateway (ASG) Documentation

Data Spine Service Registry User Documentation

See also

Previous