With the increasing popularity of the usage of event streaming in many organisations, usecases around using the Kafka platform is gaining immense significance. Therefore when using Kafka which is an open source event streaming platform at a commercial level, it is essential to manage the secure communication between the clients and the Kafka Platform.

In this blog I will walk you through two ways in which you can secure Kafka and how you publish to or consume from Kafka topics using the WSO2 Streaming Integrator(SI) which is a streaming data processing server that integrates streaming data and takes action based…


Most authentication and authorisation platforms are capable of generating JSON Web Tokens(JWTs) which is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object[1]. However in most cases these platforms have their own predefined formats of JWT which might not always match our requirements. In such situations we may need to inject some additional attributes required by our applications to these JWTs so that we can extract them in inside our applications.

In this post I am going to walk you through how you can add custom user…

There might be instances where we need to extract the information coming in a JWT assertion inside our mediation sequences in order to do further manipulations. Since there is no out of the box mediator supported for this task we need to write our own custom class mediator in order to achieve it.

This blog describes how you can create a custom class mediator which extracts the JWT token coming in from WSO2 API Manager inside a custom mediation sequence inside the WSO2 micro integrator.

Below is a deployment diagram which depicts the setup I am using for this sample…

What is AWS EKS?

Kubernetes(k8s) is a container orchestration solution which is one of the top open source projects widely used across the globe today. K8s gained it’s massive popularity due to the ease it brings in deploying, maintaining and scaling applications inside containers.

Amazon Elastic Kubernetes Service (Amazon EKS)[1] is a fully managed Kubernetes service provided by Amazon. …

Previously you may have had a chance to read my blog on how we can convert APIs which are based on legacy SOAP backends to be exposed as a more user friendly RESTful API. The WSO2 API Cloud has made it a step simpler by providing this capability out of the box to the product. WSO2 API Cloud is the cloud hosted version of one of the WSO2 API Manager which was recently named as one of the API Leaders as per the Forrester Research).

With this new feature now we do not need to write the conversion logic using…

How SQL Injections can affect APIs?

SQL Injection (SQLi) in the context of APIs refers to an injection attack wherein an attacker can execute malicious SQL statements or in other words pass malicious payloads to our API which is mapped to a backend service using this payload for database operations. Since an SQL Injection vulnerability could possibly affect any backend service that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of vulnerabilities present today.

By leveraging an SQL Injection vulnerability, given the right circumstances, an attacker can use it to bypass a service’s authentication and authorization…

Let’s just recap the scenario which we are trying to achieve by referring the diagram below again.

After following this post you would be able to see the flow described in the diagram above in action.


Make sure you have completed all the steps in my previous post which covers the below scenarios [1]

Requirements for this tutorial:

a) An Azure AD subscription on the Azure Cloud [2]

b) An active directory SAAS app which has been registered and configured for SAML based SSO [3]

c) Users which have been added to the SAAS application and have been assigned to…

When we setup WSO2 API Manager in production deployments it’s expected that users are reluctant to create a new account or self sign up. In most cases the users would be having other logins which they might prefer to use to login to the API Manager without having to repeat tasks of creating each and every user manually in the user store and providing access.

What is Identity Federation??

Identity Federation is linking a person’s electronic identity and attributes, stored across multiple distinct identity management systems. In other words Identity federation facilitates the ability of integrating users across multiple user bases to your application…

An API is defined as an application programming interface which basically acts as a proxy between the backend service and the front end applications/users. We can depict the API’s role using the diagram below.

So as you can see for an API to act as a managed API it needs to have a backend service. In theory from what we know this backend service is something which would be hosted somewhere and made available at all times since we really do not know when requests would be coming through our API into our backend service. What if you needed your…

What are web actions?

Web actions can be explained as OpenWhisk actions annotated to quickly enable you to build web based applications as defined in the official documentation. If we compare an Openwhisk action and a web action, an OpenWhisk action that is not a web action requires both authentication and must respond with a JSON object. In contrast a web action can be invoked even without authentication and is capable of also passing additional data such as HTTP header, Status codes and returning body content of different types.

What can we retrieve inside a web action?

When invoking web actions they are capable of receiving additional HTTP request details as they…

Shenavi de Mel

Lead Solutions Engineer at WSO2 | Loves coding | Loves writing

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store