0
votes

So, we have a requirement to accept encrypted requests and return encrypted responses from our cluster.

In front of our k8s cluster, we have a WSO2 API Manager and an IS protecting our APIs.

Pretty straightforward: we need to receive encrypted requests and be able to decrypt them on WSO2 and serve them to our APIs. The same should happen with the returning messages. Our service should be able to return a decrypted message, and WSO2 should encrypt the payload.

Encryption-wise, we will use a symmetric algorithm.

Having a look at the docs, it doesn't seem like WSO2 API Manager supports this out-of-the-box. However, there is also this link about adding custom mediation extensions: https://docs.wso2.com/display/AM210/Adding+Mediation+Extensions

So, my question is the following:

If I were to follow those docs, I imagine we should create two extensions: an In Flow extension for decrypting requests, and an Out Flow extension for encrypting responses. Is this the right approach, or am I taking advantage of a feature not meant for this purpose?

1 Answer

0
votes

You should be able to achieve this by writing a custom mediator and attaching it via a mediation extension, according to the document you've found. But IMO the best option is to write a custom handler, as documented in https://docs.wso2.com/display/AM210/Writing+Custom+Handlers

With a custom handler you can write a single handler and override both the handleRequest and handleResponse methods to implement the encryption/decryption. One thing you should keep in mind is that this (real-time payload encryption and decryption) will add an overhead on the gateway and affect the TPS the gateway can handle.