Skip to main content

Version: 3.2.16.3

Use Token to Integrate with GitOps Workflow

Tokens are a type of digital credential that contain user authentication information and authorization data, used for secure communication between clients and servers. They allow users to access protected resources or perform specific operations without directly providing sensitive information (such as username and password). As an important mechanism widely used in the security of modern web applications and APIs, tokens can help achieve secure, scalable, and stateless authentication and authorization.

Background

Enterprises often adopt various platforms in application delivery, such as security vulnerability analysis and resource management platforms, to meet diverse specific needs and scenarios. However, in the case of large and complex corporate systems, the integration between systems and how to achieve automated GitOps workflow become important issues that need to be solved.

In such circumstances, enterprises can choose not to use the API7 Enterprise Dashboard for integration. Utilizing the system token provided by API7 Enterprise for authentication and authorization can also achieve seamless integration of API7 Enterprise with their own systems.

Prerequisites

  1. Install API7 Enterprise.

Implementation Steps

How Does Token Work in API7 Enterprise

1. Register an Account

Register a dedicated account for managing tokens to avoid the impact of personnel changes on account permissions, since token permissions and account roles are synchronized.

2. Review API Documentation

  • Review the API documentation of API7 Enterprise to understand the available API interfaces, request parameters, and response formats.

  • Based on the required API calls, determine the necessary roles and permissions, and grant the role permissions to the current system account.

  • Confirm the request parameters corresponding to the API interfaces to be called to avoid unauthorized API calls due to insufficient permissions.

3. Obtain a Token

Generate a token in API7 Enterprise, and select an appropriate expiration time, such as 7 days / 30 days / 60 days.

Generate Token

Note: The token is only displayed once, so it needs to be copied and securely stored after generation.

4. Send API Call Requests

  • Developers in the R&D system should write code to implement the API calls of the API7 Enterprise.

  • The code includes building the request URL, setting the request headers (including the token), sending the request, and handling the response.

The following code examples demonstrate two methods to add the token to the request header for authentication and authorization.

  1. The first method is to fetch all API data and add the token to the request header for authentication and authorization.

    curl -k \
    -X GET "http://api.example.com/api7ee/admin/services" \
    -H "X-API-KEY: $API_KEY"
  2. The second way is to add the token in the cookie of request headers.

    curl -k \
    -X GET "http://api.example.com/api7ee/admin/services" \
    -H "Cookie: X-API-KEY=$API_KEY"

5. Test API Calls

  • Developers test the API call code in the local environment to ensure that the API7 Enterprise API can be correctly called and the expected response is obtained.

  • During the testing process, developers use the previously obtained token for authentication and authorization.

6. Deployment and Integration

  • After successful testing, developers deploy the API call code to the R&D system, and it is recommended that a different token from the test environment be used to enhance security.

  • The R&D system is integrated with the API of the API7 Enterprise to achieve data exchange and functional interoperability.

7. Implement Automated Workflows

By integrating the APIs of the API7 Enterprise, enterprises can implement automated workflows. For example, the APIs of the API7 Enterprise can be automatically called to send notifications, update data, or trigger other operations.

8. Token Update and Management

To enhance security, the production environment tokens should be updated regularly, such as every 90 days, and the new tokens should be properly stored. You can perform the token update operation on the API7 Enterprise console. Once the token is updated, the previous token will immediately become invalid.

Conclusion

In the enterprise environment, especially when managing multi-platform code and integrating complex systems, the role of tokens is particularly prominent. Enterprises can achieve seamless integration of API7 Enterprise with their systems using tokens. Therefore, automated workflows can be implemented to improve R&D efficiency and enhance data exchange capabilities between systems.


API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation