Overview
The Data Theorem API Protect Java SDK is a Java library that provides protection for APIs written in Java. The SDK integrates with your Java application through the API Protect Servlet Filter, which supports most popular Java web servers. To protect an API, the API developer only needs to add the API Protect Servlet Filter to their web application code and set the client ID we provide.
Installation
Step 1: Add the SDK to your Maven/Gradle Configuration File
Example adding the dependency to the Maven pom.xml file:

    <repositories>
      <repository>
        <id>apiProtectSdk</id>
        <url>https://api-protect-repos.securetheorem.com/apiprotect-java</url>
      </repository>
    </repositories>
    <dependencies>
      <!-- ... other deps here ... -->
      <dependency>
        <groupId>com.datatheorem</groupId>
        <artifactId>apiProtectSdk_v3</artifactId>
        <version>1.2.4</version>
      </dependency>
    </dependencies>
Add the below to your settings.xml to authenticate the download from the repository:

    <servers>
      <server>
        <id>apiProtectSdk</id>
        <username>Maven</username>
        <password>${env.DATA_THEOREM_REPOS_SERVICE_PASSWORD}</password>
      </server>
    </servers>
Step 2: Add the servlet filter to the application
Import the servlet filter into your application and add it to the filter chain in the way your web framework requires.
Note: The ordering of filters in the filter chain is important.
This filter may be added before or after any logging filters, but it should come before other filters, including Spring's DelegatingFilterProxy.

    Request Flow
         │   ┌───────────────────────────────────┐
         │   │          Logging Filters          │
         │   └───────────────────────────────────┘
         │   ┌───────────────────────────────────┐
         │   │        Api Protect Filter         │
         │   └───────────────────────────────────┘
         │   ┌───────────────────────────────────┐
         │   │           Other Filters           │
         │   └───────────────────────────────────┘
         │   ┌───────────────────────────────────┐
         │   │              Servlet              │
         │   └───────────────────────────────────┘
         │
         │
         ▼
Example using Spring’s FilterRegistrationBean

    package com.datatheorem.SampleSpringApp;

    import com.datatheorem.ApiProtectServletFilter;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.context.annotation.Bean;

    @SpringBootApplication
    public class SampleSpringAppApplication {

        public static void main(String[] args) {
            SpringApplication.run(SampleSpringAppApplication.class, args);
        }

        @Bean
        FilterRegistrationBean<ApiProtectServletFilter> apiProtectFilterRegistrationBean() {
            // registers api protect filter
            FilterRegistrationBean<ApiProtectServletFilter> apiProtectFilterRegistrationBean =
                    new FilterRegistrationBean<>();
            apiProtectFilterRegistrationBean.addUrlPatterns("/api/*");
            apiProtectFilterRegistrationBean.setFilter(new ApiProtectServletFilter());
            return apiProtectFilterRegistrationBean;
        }
    }
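A FilterRegistrationBean with no explicit order defaults to the lowest precedence, which places it after Spring Security's DelegatingFilterProxy. The following added example (not Data Theorem's own code) pins the order and checks it at startup; it replaces the registration bean shown above, and the class name ApiProtectFilterConfig, the constant API_PROTECT_ORDER and the -100 default for Spring Security's filter in Spring Boot are assumptions to verify against your application.

```java
package com.datatheorem.SampleSpringApp;

import com.datatheorem.ApiProtectServletFilter;
import java.util.List;
import org.springframework.boot.ApplicationRunner;
import org.springframework.boot.web.servlet.AbstractFilterRegistrationBean;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;

// Hypothetical configuration class; use instead of the @Bean method in the main class.
@Configuration
public class ApiProtectFilterConfig {

    // Assumption: Spring Boot registers Spring Security's DelegatingFilterProxy
    // at order -100 by default (property spring.security.filter.order).
    // A lower value runs earlier, so -200 places API Protect ahead of it.
    static final int API_PROTECT_ORDER = -200;

    @Bean
    FilterRegistrationBean<ApiProtectServletFilter> apiProtectFilterRegistrationBean() {
        FilterRegistrationBean<ApiProtectServletFilter> registration =
                new FilterRegistrationBean<>(new ApiProtectServletFilter());
        registration.addUrlPatterns("/api/*");
        registration.setOrder(API_PROTECT_ORDER);
        return registration;
    }

    // Startup check: refuse to start if any DelegatingFilterProxy registration
    // would run at the same position as, or before, the API Protect filter.
    // Filters declared as plain Filter beans are not covered by this check.
    @Bean
    ApplicationRunner apiProtectOrderCheck(List<AbstractFilterRegistrationBean<?>> registrations) {
        return args -> {
            for (AbstractFilterRegistrationBean<?> registration : registrations) {
                boolean isProxy = registration.getFilter() instanceof DelegatingFilterProxy;
                if (isProxy && registration.getOrder() <= API_PROTECT_ORDER) {
                    throw new IllegalStateException(
                            "DelegatingFilterProxy (order " + registration.getOrder()
                            + ") would run before ApiProtectServletFilter (order "
                            + API_PROTECT_ORDER + ")");
                }
            }
        };
    }
}
```

If logging filters should run first, as in the diagram, give them an order lower than API_PROTECT_ORDER.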
Step 3: Set the Client ID
For each API you protect, Data Theorem provides a unique identifier that authenticates the SDK when it communicates with our services. Set the client ID we provide through the environment variable DT_API_PROTECT_CLIENT_ID.