API Protect Java SDK Installation and Usage

1 Overview
2 Installation

Overview

The Data Theorem API Protect Java SDK is a Java library that provides protection for APIs written in Java. The SDK integrates with your Java application using the API Protect Servlet Filter which supports most popular Java Web Servers. To Protect an API, all the API developer needs to do is add the API Protect Servlet Filter to their web application code and set the client ID we provide.

Installation

Step 1: Add the SDK to your Maven/Gradle Configuration File

Example adding dependency to the maven `pom.xml` file

<repositories>
  <repository>
    <id>apiProtectSdk</id>
    <url>https://repos.securetheorem.com/api_protect_sdks/apiprotect-java</url>
  </repository>
</repositories>

<dependencies>
  <!--  ... other deps here ... -->

  <dependency>
    <groupId>com.datatheorem</groupId>
    <artifactId>apiProtectSdk_v3</artifactId>
    <version>1.2.4</version>
  </dependency>
</dependencies>

Add the below to your settings.xml to authenticate the download from the repository:

<servers>
  <server>
    <id>apiProtectSdk</id>
    <username>Maven</username>
    <password>${env.DATA_THEOREM_REPOS_SERVICE_PASSWORD}</password>
  </server>
</servers>

Step 2: Add the servlet filter to the application

The servlet filter should be imported and added to your application and added to the filter chain depending on your web framework.

Note: The ordering of filters in the filter chain is important

This filter may be added before or after any logging filters,
but it should be before other filters, including spring's DelegatingFilterProxy.


                                        Request Flow

                                            │
    ┌───────────────────────────────────┐   │
    │           Logging Filters         │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │          Api Protect Filter       │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │            Other Filters          │   │
    └───────────────────────────────────┘   │
    ┌───────────────────────────────────┐   │
    │              Servlet              │   │
    └───────────────────────────────────┘   │                                           │
                                            ▼

Example using Spring’s FilterRegistrationBean

Step 3: Set the Client ID

For each API you protect Data Theorem provides a unique identifier which authenticates the SDK when it communicates with our services. The client id we provide can be set via an environment variable DT_API_PROTECT_CLIENT_ID