Lab 1.2 - Create an API Protection Profile

The API Protection profile is a combination of APM and AWAF features to protect any API.

Task 1 - Create an API Protection Profile

  1. From the web browser, click on the Access tab located on the left side

  1. Navigate to API Protection >> Profile. Click the + (plus symbol)

Note

The JSON file is located on the jumpbox in c:\Labfiles\Agility2020-API Protection

  1. Enter the following parameters:
  • Name: api-protection
  • OpenAPI File: Active Directory OpenAPI.json
  • DNS Resolver: prebuilt-dns-resolver
  • Authorization: OAuth 2.0
  1. Click Add
  2. Click Save

Task 2 - Explore the Path Configuration

  1. Note that the spec file contains four paths to various URIs
  2. Each URI supports only the GET method
  3. The API's server URL is http://adapi.f5lab.local:81
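
The review that Task 2 does by eye can also be run against the spec file before it is imported. The following is an added example, not part of the original lab or of F5's code: it lists the server URL and every method/path pair in an OpenAPI JSON document (OpenAPI 3 or Swagger 2) and flags cleartext server URLs and operations with no security requirement. The sample spec and its /example/... paths are constructed for illustration; only the server URL is taken from the lab.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample spec; the paths are hypothetical and are not the
# contents of the lab's "Active Directory OpenAPI.json".
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.0",
    "servers": [{"url": "http://adapi.f5lab.local:81"}],
    "security": [{"oauth2": []}],
    "paths": {
        "/example/users": {"get": {}},
        "/example/health": {"get": {"security": []}},
    },
})


def server_urls(spec):
    """Return server URLs from OpenAPI 3 `servers` or Swagger 2 host fields."""
    if "servers" in spec:
        return [s["url"] for s in spec["servers"]]
    if "host" in spec:
        schemes = spec.get("schemes", ["http"])  # assumption: http when absent
        return [f"{sch}://{spec['host']}{spec.get('basePath', '')}" for sch in schemes]
    return []


def review_spec(text):
    """Summarise servers and operations, and list findings worth a second look."""
    spec = json.loads(text)
    servers = server_urls(spec)
    findings = [f"cleartext server URL: {u}" for u in servers
                if u.lower().startswith("http://")]
    operations = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            operations.append((method.upper(), path))
            # An operation-level `security` replaces the top-level one;
            # an empty list means the operation requires no credentials.
            if not op.get("security", spec.get("security", [])):
                findings.append(f"no security requirement: {method.upper()} {path}")
    return servers, operations, findings


if __name__ == "__main__":
    for line in review_spec(SAMPLE_SPEC)[2]:
        print(line)
```

To check a real file, pass its contents to `review_spec` in place of `SAMPLE_SPEC`.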

Task 3 - Associate a JWT Provider

  1. Click Access Control from the top ribbon
  2. Click Edit (Per Request Policy)

  1. Notice that the same paths displayed in the API Protection profile appear here. Currently there is no fine-grained access control. We will implement it later in the lab.
  2. Click the + (plus symbol) next to the subroutine OAuth Scope Check AuthZ to expand its properties:

Note

The OAuth scope agent currently has a red asterisk since no provider is associated with it.

  1. Click OAuth Scope

  1. Enter the following parameters:
  • Token Validation Mode: Internal
  • JWT Provider List: as-jwt-provider
  • Response: api-protection_auto_response1
  1. Click Save
