View Source

Overview

The Data Theorem API Protect Java SDK is a Java library that provides protection for APIs written in Java. The SDK integrates with your Java application using the API Protect Servlet Filter which supports most popular Java Web Servers. To Protect an API, all the API developer needs to do is add the API Protect Servlet Filter to their web application code and set the client ID we provide.

Installation

Step 1: Add the package to dependencies

To install API Protect the provided JAR file must be added as a dependency, in case of using Maven to the pom.xml file. Here is an example of how to add the package:

Example adding dependency to the maven pom.xml file

<dependencies>
		<!--  ... other deps here ... -->

		<dependency>
			<groupId>com.datatheorem</groupId>
			<artifactId>apiProtectSdk</artifactId>
			<systemPath>{PROJECT_DIR}/{PATH_TO_SDK}/apiProtectSdk.jar</systemPath>
			<version>1.0-SNAPSHOT</version>
			<scope>system</scope>
		</dependency>
	</dependencies>

Step 2: Add the servlet filter to the application

The servlet filter should be imported and added to your application and added to the filter chain dependin on your web framework.

Note: The ordering of filters in the filter chain is important

This filter may be added before or after any logging filters,
but it should be before other filters, including spring's DelegatingFilterProxy.


                                        Request Flow

                                            │
    ┌───────────────────────────────────┐   │
    │           Logging Filters         │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │          Api Protect Filter       │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │            Other Filters          │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │              Servlet              │   │
    └───────────────────────────────────┘   │                                           │
                                            ▼

Example using Spring’s FilterRegistrationBean

package com.datatheorem.SampleSpringApp;

import com.datatheorem.ApiProtectServletFilter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class SampleSpringAppApplication {

    public static void main(String[] args) {
        SpringApplication.run(SampleSpringAppApplication.class, args);
    }

    @Bean
    FilterRegistrationBean<ApiProtectServletFilter> apiProtectFilterRegistrationBean() {
        // registers api protect filter
        FilterRegistrationBean<ApiProtectServletFilter> apiProtectFilterRegistrationBean = new FilterRegistrationBean<>();
        apiProtectFilterRegistrationBean.addUrlPatterns("/api/*");
        apiProtectFilterRegistrationBean.setFilter(new ApiProtectServletFilter());
        return apiProtectFilterRegistrationBean;
    }
}

Step 3: Set the Client ID

For each API you protect Data Theorem provides a unique identifier which authenticates the SDK when it communicates with our services. The client id we provide can be set via an environment variable DT_API_PROTECT_CLIENT_ID