Azure APIM Prod and Non-Prod on single instance - azure-api-management

Is it possible to have logical separation of Azure APIM service i.e one could work like Prod and Non-Prod at the same time?

If you check this Azure API Management DevOps Resource you would find that Microsoft recommends to use separate Azure API Management service instances for various environments, such as production, development, and QA. Where these environments are generally shared by multiple development teams, each responsible for a subset of APIs. It is the best practice for the enterprise setup.
But if you don't want to create multiple instances then, you could try using versions and revisions.
You can create revisions by right clicking API and click "Add Revision".
Similarly you can create versions by right clicking API and click "Add Version".
For more information check this answer by #DSpirit on the similar problem shared in Stack Overflow.

Related

Can you have two Google Cloud Projects that talk to the same Cloud SQL Database?

I have just created a Project in Google Cloud, and attached a Cloud SQL Database instance to that project. I was able to deploy a Django app that is connected to that DB just fine.
However, I would like to create a separate Django app/Project that is attached to the same Cloud SQL Database that my first Django app is attached to.
Is this possible?
One Django app is responsible for web scraping and supplying constant data to the database while my second Django app (the one I have already deployed) analyzes and returns json on that data. It would be advantageous to separate the two apps because if I ever needed to revise my web scraping algorithm, the whole app would not be down.
You can use cloudsql proxy for both apps. Also as long as you authorize both of your applications with service account that have access to the cloudsql it should be fine.
You can use database that you want, in your current project or in an external one. If you use Cloud SQL proxy, the service account of your app
Either Default AppENgine service account if on App Engine
Or Compute Engine default service account
except is you have defined a specific service account on your component (Cloud Run, Compute engine)
I recommend strongly to use a specific service account on the component if it's possible (not possible with App Engine)
The role to grant on the service account is the following: roles/cloudsql.client
However, I recommend you to smartly think to your design. The current trend is to lock 1 database to 1 service (or microservice).
Think about the schema update: a synchronous update will be required between to 2 services when you update the schema or one, or the other app will fail.
Same thing in case of rollback, both apps need to be rollbacked.
If there is 2 teams, one on each app, their release planning must be sync, and you will lost in velocity and agility.
Maybe, it fits your requirement, or you can duplicate the data, inside the database (other schema). As you wish.

Azure APIM Data Level Authentication - How do people accomplish this?

Scenario: Externally exposed API, connects to multiple backed Dbs. Multiple customers can use the API, they obviously should only have access to their data. In the past this is done by separate accounts for each customer/user, and consequently each account would need setting up in each of the backend systems with the correct authorities.
Problem: I want to use Azure APIM. I don't want the extra maintenance for each user in both the Azure APIM and the backend Dbs. I was wondering if anyone has any thoughts or cases where they accomplished this in a different way. Also the API may be built with access via one account with all access to tables.
I'm sure there are different ways to approach this but a common way I believe to do this would be using Application Roles.
I don't believe this is really dependent on Azure APIM as such, but you can leverage OAuth 2.0 support to pre-authorize requests and in your backend, depending on the claims present in the token passed, you can allow/deny access to the data.
You backend would usually authenticate to the different DBs as itself with full access to all data and your backend would be tasked with making sure only people with the right claims can access the data.
In order to use an API the user/customer has to register with the Developer Portal and get a Subscription to a given API and the associated key. So you have to authenticate them. When you publish APIs through Azure API Management, it's easy and common to secure access to those APIs by using subscription keys. Client applications that need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. https://learn.microsoft.com/en-us/azure/api-management/api-management-subscriptions
The Developer Portal supports different authentication mechanisms including Azure AD. So if you plan to use Azure AD for your authentication for both portals you will need to configure it accordingly. https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad

How to integrate with SAP B1 using DI Server integration?

We are trying to integrate SAP business one to our application using Java
Where can we find more information on it any Documents, API , tutorial, links, how to start/do it pointer towards the right direction will be appreciated.
SAP's Developer portal if more focused on SAP HANA - http://go.sap.com/developer.html?original_fqdn=developers.sap.com
We are considering to use DI server to integrate from the below list?
We cannot use SAP HANA platform.
-DI API,
-DI Server,
-B1WS,
-SAP Business One Service Layer
Thank you for your help and time
The Business One installer has an option to install an SDK component. This contains a CHM format help file containing information on DI-API, DI-Server and UI-API (but not Service Layer which is for Hana version only) as well as database schema. Also in the SDK are example projects in VB and C#.
If you are using DI-Server, calling the GetBusinessObjectXmlSchema method will get you the schema for individual object types such as business partners.
DI-Server is more lightweight but has less functionality than DI-API. It is more suited to transactional processing such as importing orders from a website.
If you do need to use Service Layer, it's functions are based on DI-API and there should be a lot of concepts that apply to both.
B1WS is not stable and has lots of bugs. DI Server is difficult to be integrated with. You could use DI API to do the integration but you have to implement the integration layer with .net platform. Since you need to make the communication work between SAP B1 and your JAVA application, here is another option which should be a feasible solution. Please check the following Python flask RESTful application which is top on SAP B1 DI to enable the RESTful capability for integration with SAP B1.
https://github.com/ideabosque/SAP-B1-RESTful
Here is the detail about how it could be used to integrate between eCommerce and SAP B1.
http://ideabosque.postach.io/post/how-to-use-sap-b1-restful-to-integrate-with-ecommerce-platforms
What is your workflow to integrate between SAP B1 and the JAVA application?
Bibo W.
Di_server is oriented mainly to web products, since it allows multiple connections with one license per server, while di-api is more oriented to desktop applications and uses licenses per user.
This means that with di-server you have a license and can connect multiple users simultaneously, while with di-api you have a license you can only connect one user at a time. Of course you can use a license and manage connection times to users, connected to one and making others wait. Or if you have more di-api licenses connect more users as many licenses as you have. The cost of a di-server license is high, but it is offset against the amount of licenses you would have to buy for di-api by users you want to connect to, if you need them all to be connected to SAP BO.

Fiware: How to browse organization containers in Fiware Lab

I've currently working with ObjectStorageGE and I am able to publish and edit my objects inside the Object Storage using CDMI. For tracking pourposes I want to browse in FiwareLab -> Cloud -> Containers the objects that users of the organization has published. However, I cannot access to containers published to Organization tenant (or I cannot find to way to do it...) using the Organization owner account.
PS: I can browse containers and objects correctly in FiwareLab if I publish them using my own user tenant.
From FIWARE help-desk:
"I don’t understand why you talk about “Organisation tenant” on one side and about “my own user tenant” on the other side. What do you mean with those different tenants? Are you using the same tenant in both sites (cloud portal and API)?Take into account that only some tenants are visible in the cloud portal (the default cloud tenant associated to a user)"
In general, in order to access containers, the user must belong the tenant (account) that owns that container. This is to impose separation of access between tenants. In recent versions of Swift Object Storage there are mechanisms to allow access to others, but these are not enabled in the versions running in the Fiware lab.

Do I need to place entire database in Parse.com

We are using OpenMRS in Amazon EC2 .Can the Parse.com to make only notifications database or The Entire database to be build on Parse.com.
If it is So.We will be using the Google Messaging Cloud.
Parse's push offering can be augmented with other features (i.e. advanced targeting based on relationships with users or other data stored with Parse), but it is designed to work as a standalone feature.