Implementing Oracle API Platform Cloud Service

By: Andrew Bell, Sander Rensen, Luis Weir, Phil Wilkins
Overview of this book

Implementing Oracle API Platform Cloud Service moves from theory to practice using the newest Oracle API management platform. This critical new platform for Oracle developers allows you to interface with the complex array of services your clients expect in the modern world. First, you'll learn about Oracle's new platform and get an overview of it, then you'll see a use case showing the functionality and use of this new platform for Oracle customers. Next, you'll see the power of Apiary and begin designing your own APIs. From there, you'll build and run microservices and set up the Oracle API gateways. Moving on, you'll discover how to customize the developer portal and publish your own APIs. You'll spend time looking at configuration management on the new platform, and implementing the OAuth 2.0 policy, as well as custom policies. The latest finance modules from Oracle will be examined, with some of the third-party alternatives in sight as well. This broad-scoped book completes your journey with a clear examination of how to transition APIs from Oracle API Management 12c to the new Oracle API Platform, so that you can step into the future confidently.
Table of Contents (12 chapters)

Defining policies

Previous sections of this chapter have discussed the types of threats that are likely to be encountered by an organization and the policies that can be used to defend against them. This section will discuss how policies are defined using APIP CS.

The type of policy used will depend on whether APIs are being exposed on an internal gateway or an external gateway. Policies are designed by the API Manager in conjunction with Enterprise Security Architects. Generally, more consideration needs to be given to external-facing APIs, as they will almost certainly be subjected to attack over the course of their lifetime. However, internal policies are still important, although they are usually limited to authentication and authorization. The use of API gateways internally also helps to decouple and abstract systems, particularly for COTS functionality, since the APIs...