Details

    • Epic Status:
      To Do

      Description

      Motivation

      As SaaS and Headless become more important in our strategy, these topics are becoming increasingly important.

      Initially, the ongoing API-related stories have been moved under this Epic; however, the most relevant topics we still need to work out are the following:

      • API gateway integration
        • To choose the one we want to integrate
      • Service Quotas
        • For a given SaaS account, you can only make a maximum number of calls within a period of time (e.g. 10k calls within a 24 hour period).
        • Probably as a "pool" given to an account/group/company/jvm
        • Giving roles permission to manage
        • Bring in the current implementation focused on DoS and then re-examine what we have.
        • List of common automated attacks: https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
        • AccessControlPolicy (Service Quotas, Service access profiles)
          • Integrated with JAX-RS/WS
      • Audits
        • Who has called which API, and when

              People

              Assignee:
              zsigmond.rab Zsigmond Rab
              Reporter:
              zsigmond.rab Zsigmond Rab