Non-IBM Disclaimer

The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

Thursday, November 25, 2021

One single solution for all OAuth integrations

Over the last few months I worked with a few third-party vendors to establish new API integrations. These services were JSON-based and secured using OAuth, i.e. each API invocation had to carry an Authorization header with an OAuth access token previously obtained from a separate OAuth service. I previously described an idea for optimizing OAuth token management, and while working on these integrations I had a chance to implement it successfully.

The implementation consisted of a GatewayScript and a configuration file. The GatewayScript's core functionality is to manage OAuth token storage, retrieval, and renewal, and to set the stage for the subsequent business API invocation. Unfortunately, I had to duplicate this implementation for each service because each invocation was slightly different. So the new challenge was to make this piece of code universal and reusable across the board.

First, I listed all the places that had service-specific hardcoded elements. Next, I designed a solution to externalize those elements as configuration and changed the code to accept an external configuration feed. Approximately 4-5 changes required re-architecting, including the ability to dynamically generate headers with static and dynamic values (that's when I recalled what Java reflection is).

Long story short, the upgraded OAuth token management solution provides:

  1. OAuth token management to store, retrieve, and renew access tokens;
  2. Support for multiple OAuth vendors and multiple APIs;
  3. Dynamic generation of HTTP headers for the business API invocations;
  4. Support for static and runtime-calculated values for HTTP headers.

The main benefit of this solution is the ease of setting up a new integration that is secured using OAuth. All that is needed is to update the configuration file with the expected invocation data and incorporate the OAuth management solution GatewayScript into the processing policy. One single solution for all OAuth integrations.
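
The configuration-driven design described above, as an added example in plain JavaScript; it is not the author's GatewayScript and uses no DataPower APIs. The service name, configuration keys, resolver names, and the injected `fetchToken` function are all assumptions. Runtime-calculated header values are limited to an allowlist of named resolvers, so the configuration file can select behaviour but never supply code.

```javascript
// Added example; all names (services, resolvers, config keys) are hypothetical.
// Dynamic header values come from an allowlist: config names a resolver, never code.
const RESOLVERS = new Map([
  ['bearer', (ctx) => `Bearer ${ctx.token}`],
  ['isoTime', (ctx) => new Date(ctx.now).toISOString()],
]);
const tokenCache = new Map(); // service name -> { token, expiresAt }
// Return the cached token, renewing it when missing or within skewMs of expiry.
// fetchToken(oauthCfg) is injected and resolves to { access_token, expires_in }.
async function getToken(name, oauthCfg, fetchToken, now, skewMs = 30000) {
  const hit = tokenCache.get(name);
  if (hit && hit.expiresAt - skewMs > now) return hit.token;
  const res = await fetchToken(oauthCfg);
  const ok = res && typeof res.access_token === 'string' && res.expires_in > 0;
  if (!ok) throw new Error(`no usable token for ${name}`);
  tokenCache.set(name, { token: res.access_token, expiresAt: now + res.expires_in * 1000 });
  return res.access_token;
}

// Each header is configured as { static: 'value' } or { dynamic: 'resolverName' }.
function buildHeaders(headerCfg, ctx) {
  const out = {};
  for (const [header, spec] of Object.entries(headerCfg)) {
    let value;
    if (typeof spec.static === 'string') value = spec.static;
    else if (RESOLVERS.has(spec.dynamic)) value = RESOLVERS.get(spec.dynamic)(ctx);
    else throw new Error(`header ${header}: unknown value spec`);
    // Reject CR/LF so neither the config nor a token can inject extra headers.
    if (/[\r\n]/.test(header + value)) throw new Error(`header ${header}: CR/LF rejected`);
    out[header] = value;
  }
  return out;
}

// Constructed sample configuration: one entry per OAuth-secured business API.
const CONFIG = new Map([['vendorA', {
  oauth: { tokenUrl: 'https://auth.example.invalid/token', clientId: 'demo-client' },
  headers: {
    Authorization: { dynamic: 'bearer' }, Accept: { static: 'application/json' },
    'X-Request-Time': { dynamic: 'isoTime' },
  },
}]]);

async function prepareCall(name, fetchToken, now = Date.now()) {
  const cfg = CONFIG.get(name);
  if (!cfg) throw new Error(`unknown service ${name}`);
  const token = await getToken(name, cfg.oauth, fetchToken, now);
  return buildHeaders(cfg.headers, { token, now });
}
```

Adding another integration means adding one more entry to `CONFIG`; the token cache and header builder stay unchanged.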
