Using Postman: Difference between revisions

From Izara Wiki
=Authorizer=
== AppLevel ==
There is no "owner" at this level; users whose application-level permissions allow administering roles can do so. They:
#Can change other users' roles.
#Can create new roles.
#Can change site-wide settings.
#Have SuperUser permissions for lower-level RBAC (e.g. User level or Category level RBAC permissions). TODO: so you still need to give the role permission to the user.
=== allow the role permission to user appLevel ===
*'''SuperUser'''
:can do all actions:
:: CREATE | UPDATE | DELETE | GET | LIST
*'''VerifiedUser'''
:can do some actions:
:: CREATE | GET | LIST
*'''BasicUser'''
:can do few actions:
:: GET
==== example rolePermission ====
*'''AppLevel:superUser'''
<syntaxhighlight lang="json">
{
  "roleIdKey": "AppLevel_this-is-uuid-for-role-superUserA",
  "service_resource_action": "ServiceTemplate_Config_Create",
  "permission": "accept"
}
</syntaxhighlight>
*'''AppLevel:verifiedUser'''
<syntaxhighlight lang="json">
{
  "roleIdKey": "AppLevel_this-is-uuid-for-role-verifiedUserA",
  "service_resource_action": "ServiceTemplate_Config_Create",
  "permission": "accept"
}
</syntaxhighlight>
*'''AppLevel:basicUser'''
<syntaxhighlight lang="json">
{
  "roleIdKey": "AppLevel_this-is-uuid-for-role-basicUserA",
  "service_resource_action": "UserAccountAppLevel_UserRole_Get",
  "permission": "accept"
}
</syntaxhighlight>
==== example userRoles ====
*'''AppLevel:superUser'''
<syntaxhighlight lang="json">
{
  "userId": "this-is-uuid-for-user-superUserA",
  "roleIdKey": "AppLevel_this-is-uuid-for-role-superUserA"
}
</syntaxhighlight>
*'''AppLevel:verifiedUser'''
<syntaxhighlight lang="json">
{
  "userId": "this-is-uuid-for-user-verifiedUserA",
  "roleIdKey": "AppLevel_this-is-uuid-for-role-verifiedUserA"
}
</syntaxhighlight>
*'''AppLevel:basicUser'''
<syntaxhighlight lang="json">
{
  "userId": "this-is-uuid-for-user-basicUserA",
  "roleIdKey": "AppLevel_this-is-uuid-for-role-basicUserA"
}
</syntaxhighlight>
==== setting for authorizer appLevel ====
*function.yml
:For LambdaFunctionHdrApi at AppLevel:
<syntaxhighlight lang="yaml">
LambdaFunctionHdrApi:
  events:
  - http:
      path: Lambda/LambdaAction
      method: post
      cors: true
      authorizer:
        arn: ${self:custom.iz_authorizerAppLevel}
        type: request
        # 0 disables caching of the authorizer result, so every request is re-authorized
        resultTtlInSeconds: 0
</syntaxhighlight>
== UserLevel ==
* All permissions are linked to one user id.
* Has an owner (the current user); that user always has full permissions for their own user id.
* Available roles are shared by all users: any user can create new roles and add permissions, and the roles can then be used by any user.
* Only the creator of a role can change it later (for now; in future we can add RBAC management of user-level roles).
=== example permissions ===
* Can administer this user's roles/permissions
* Can administer sell offers for this user
=== allow the role permission to user ===
:[[Allow the role permission to user appLevel]]
==== example rolePermission ====
* Create a rolePermission (the role is allowed to perform the action). It can be created in seed data or by running '''RolePermissionCreateHdrApi''' from https://us-east-2.console.aws.amazon.com/apigateway/home?region=us-east-2#/apis/rwnhg855jd/resources/y8erkk
*'''UserLevel:verifiedUser'''
<syntaxhighlight lang="json">
{
  "roleIdKey": "UserLevel_this-is-uuid-for-role-verifiedUserA_this-is-uuid-for-role-verifiedUserB",
  "service_resource_action": "VariantStandard_Product_AddProduct",
  "permission": "accept"
}
</syntaxhighlight>
==== example userRoles ====
* Create a userRoles entry (the user holds the role). It can be created by running '''UserRolesCreateHdrApi''' from https://us-east-2.console.aws.amazon.com/apigateway/home?region=us-east-2#/apis/rwnhg855jd/resources/y8erkk
*'''UserLevel:verifiedUser'''
<syntaxhighlight lang="json">
{
  "userId": "this-is-uuid-for-user-verifiedUserB",
  "roleIdKey": "UserLevel_this-is-uuid-for-user-verifiedUserA_this-is-uuid-for-user-verifiedUserB"
}
</syntaxhighlight>
==== setting for authorizer userLevel ====
*function.yml
:For LambdaFunctionHdrApi at UserLevel, the target user id must be added to the API route/path:
<syntaxhighlight lang="yaml">
LambdaFunctionHdrApi:
  events:
  - http:
      # the suffix appends the targetUserId path variable the authorizer reads
      path: Lambda/LambdaAction${self:custom.api_path_targetid_suffix}
      method: post
      cors: true
      authorizer:
        arn: ${self:custom.iz_authorizerUserLevel}
        type: request
        # 0 disables caching of the authorizer result, so every request is re-authorized
        resultTtlInSeconds: 0
</syntaxhighlight>
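The two models above (AppLevel, where only the role tables decide, and UserLevel, where the owner of the target user id always passes and everyone else needs a role scoped to that owner) can be illustrated as one request-authorizer decision. The JavaScript below is an added example, not the project's authorizer or Lambda code: the table rows are constructed from the JSON samples on this page, the UserLevel key layout <code>UserLevel_&lt;ownerUserId&gt;_&lt;roleUuid&gt;</code> is an assumption (the page does not define it), bearer-token validation is assumed to have already produced the caller's userId, and the event shape (<code>callerId</code>, <code>action</code>, <code>pathParameters.targetUserId</code>, <code>methodArn</code>) is a stand-in for the real request-authorizer event.

```javascript
// Added example (not the project's code): a minimal request-authorizer
// decision for the AppLevel and UserLevel RBAC tables described on this page.
// Table rows are constructed here; in the real service they live in a data
// store. Bearer-token validation is assumed to have happened already and to
// have yielded the caller's userId.

// Constructed rolePermission rows, mirroring the JSON examples on this page.
// Assumed UserLevel key layout: "UserLevel_<ownerUserId>_<roleUuid>".
const rolePermissions = [
  { roleIdKey: "AppLevel_this-is-uuid-for-role-superUserA",
    service_resource_action: "ServiceTemplate_Config_Create", permission: "accept" },
  { roleIdKey: "AppLevel_this-is-uuid-for-role-verifiedUserA",
    service_resource_action: "ServiceTemplate_Config_Create", permission: "accept" },
  { roleIdKey: "AppLevel_this-is-uuid-for-role-basicUserA",
    service_resource_action: "UserAccountAppLevel_UserRole_Get", permission: "accept" },
  { roleIdKey: "UserLevel_this-is-uuid-for-user-verifiedUserA_this-is-uuid-for-role-sellOffers",
    service_resource_action: "VariantStandard_Product_AddProduct", permission: "accept" },
];

// Constructed userRoles rows: which user holds which role.
const userRoles = [
  { userId: "this-is-uuid-for-user-superUserA",
    roleIdKey: "AppLevel_this-is-uuid-for-role-superUserA" },
  { userId: "this-is-uuid-for-user-verifiedUserA",
    roleIdKey: "AppLevel_this-is-uuid-for-role-verifiedUserA" },
  { userId: "this-is-uuid-for-user-basicUserA",
    roleIdKey: "AppLevel_this-is-uuid-for-role-basicUserA" },
  // verifiedUserB holds a UserLevel role owned by verifiedUserA
  { userId: "this-is-uuid-for-user-verifiedUserB",
    roleIdKey: "UserLevel_this-is-uuid-for-user-verifiedUserA_this-is-uuid-for-role-sellOffers" },
];

// True when one of the caller's roles under the given key prefix has an
// explicit "accept" row for the action. Anything else (unknown user, role or
// action, or a non-accept permission value) falls through to false: default deny.
function rolesAccept(userId, keyPrefix, action) {
  const heldKeys = userRoles
    .filter((r) => r.userId === userId && r.roleIdKey.startsWith(keyPrefix))
    .map((r) => r.roleIdKey);
  return rolePermissions.some(
    (p) => heldKeys.includes(p.roleIdKey) &&
      p.service_resource_action === action &&
      p.permission === "accept",
  );
}

// AppLevel: there is no owner, only the role tables decide.
function decideAppLevel(callerId, action) {
  return rolesAccept(callerId, "AppLevel_", action) ? "Allow" : "Deny";
}

// UserLevel: the owner (caller === target) always has full permission;
// anyone else needs a role scoped to the target user's id. A request whose
// route did not carry targetUserId cannot be evaluated and is denied.
function decideUserLevel(callerId, targetUserId, action) {
  if (!targetUserId) return "Deny";
  if (callerId === targetUserId) return "Allow";
  return rolesAccept(callerId, `UserLevel_${targetUserId}_`, action) ? "Allow" : "Deny";
}

// Returns the IAM-style policy an API Gateway request authorizer hands back.
// `event` is a constructed stand-in: callerId from the validated bearer token,
// action from the route, targetUserId from the path variable appended by
// api_path_targetid_suffix, methodArn from API Gateway.
function authorize(event) {
  const target = event.pathParameters && event.pathParameters.targetUserId;
  const effect = event.level === "UserLevel"
    ? decideUserLevel(event.callerId, target, event.action)
    : decideAppLevel(event.callerId, event.action);
  return {
    principalId: event.callerId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: event.methodArn }],
    },
  };
}

// Demo: basicUser cannot create config, superUser can; verifiedUserB may add
// a product for verifiedUserA but not for superUserA.
console.log(decideAppLevel("this-is-uuid-for-user-basicUserA", "ServiceTemplate_Config_Create")); // Deny
console.log(decideAppLevel("this-is-uuid-for-user-superUserA", "ServiceTemplate_Config_Create")); // Allow
console.log(decideUserLevel("this-is-uuid-for-user-verifiedUserB",
  "this-is-uuid-for-user-verifiedUserA", "VariantStandard_Product_AddProduct")); // Allow
console.log(decideUserLevel("this-is-uuid-for-user-verifiedUserB",
  "this-is-uuid-for-user-superUserA", "VariantStandard_Product_AddProduct")); // Deny
```

Run it with <code>node</code>. The point to notice is the default-deny shape: only an explicit accept row for a role the caller actually holds produces Allow, a new account that only has the basicUser role is denied everything except the GET it was granted, and a UserLevel request without targetUserId is denied outright, which is why the path suffix in function.yml is required rather than optional.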
Revision as of 12:40, 10 October 2022

= Connecting Postman to API Gateway =
Connect the API to Postman.
# In AWS API Gateway, click the name of the service API.
#:[[File:Screenshot from 2022-10-10 10-07-58.png]]
# Click the stage /Test.
#:[[File:Screenshot from 2022-10-10 10-33-30.png]]
#* Click Export, choose "Export as Swagger + Postman Extensions" and copy the JSON.
#:[[File:Screenshot from 2022-10-10 10-38-08.png]]
# In Postman, go to Import > Raw text, paste the JSON and click Continue.
#:[[File:Screenshot from 2022-10-10 10-41-59.png]]
#:[[File:Screenshot from 2022-10-10 10-43-05.png]]
# My Workspace is now connected to the API.
#:[[File:Screenshot from 2022-10-10 10-46-07.png]]


= Access Token =
Web interface: https://d1gix48j5w3eur.cloudfront.net/buying
# Navbar > Sign in using a mock account (suggested). If you sign up as a new user you get the default role basicUser, which means you are NOT allowed to access all functions.
#:[[File:Screenshot from 2022-10-10 10-55-56.png]]
# Press F12 to open the browser developer tools.
#* Select the Application tab.
#:[[File:Screenshot from 2022-10-10 10-56-31.png]]
#* Session Storage > http... > access_token: copy this token to Postman.
#:[[File:Screenshot from 2022-10-10 10-58-56.png]]
# In Postman, paste the token under Authorization > Type: Bearer Token > Token.
#:[[File:Screenshot from 2022-10-10 11-00-12.png]]
# For UserLevel authorization, send targetUserId in Params > Path Variables:
#: KEY: targetUserId
#: VALUE: <targetUserId>


= Email =
Email accounts used in the web interface to get an access token.
# basicUserA
#: Email: success+basicUserTest@simulator.amazonses.com
#: Password: Abc123456!
# verifiedUserA
#: Email: success+verifiedUserTestA@simulator.amazonses.com
#: Password: Abc123456!
# verifiedUserB
#: Email: success+verifiedUserTestB@simulator.amazonses.com
#: Password: Abc123456!
# superUserA
#: Email: success+superUserTest@simulator.amazonses.com
#: Password: Abc123456!


= Test API in Postman =
# Click on the workspace and choose the folder and the request to test.
#* Click Body, choose raw > JSON and put your request in the code block.
#* Send the request.
#:[[File:Screenshot from 2022-10-10 11-31-23.png]]
# The block below shows the returned response.
#* If the API test works, it shows the response with status code 200 OK.
#* You can see more of the response in '''CloudWatch''' when testing the function.
#:[[File:Screenshot from 2022-10-10 11-39-07.png]]

= [[API Gateway Authorizers]] =