For most of the usual crowd here, who are used to reading about identity and access management, this post will seem a little bit off the rails. There’s a method to my madness here though as I will be using the APIs, that are exposed in this application, in a few subsequent posts and videos that will demonstrate how to make these APIs more secure, specifically using Identity and Access controls. This is an important skill set for Identity Architects especially as APIs are becoming so prolific for many banks and trading firms.
With the help of just a few additional packages I am able to quickly create a base set of APIs. I’ll go through the core aspects of this as well as include a video walk-through. This application is pretty simple with a MySQL database backend and a Go application as the middle-layer. In the attached video I step through how I setup the database and the go source code to create a set of APIs to interact with the MySQL backend.
After you are finished watching this video, be sure to stay tuned for my next video, “How to protect APIs with OAuth” where I will show how we can use [ForgeRock’s] Identity Gateway (part of their Identity Platform) to implement a resource server and an authorization server that I’ll use to add OAuth2.0 to this application. These concepts are also covered in Neil Madden’s new book, “API Security in Action” from Manning Publications. Neil and Manning were kind enough to give viewers, of this next video, a discount code for his book. I’ll share this code at the end of the next video and you’ll be able to take 35% off the cost of Neil’s book. Thank you to both Neil and Manning Publications for sharing this discount code for us.
The code for this application can be cloned from here: