Mobile app for API access management


The demo application is designed to demonstrate API access management through an API gateway. This demo includes a retail API (stores and warehouses) and an application that uses those APIs to allow a user to log in and view or move stock between stores and warehouses.

The application shows a proper user interface and consumes the back-end API. The application itself is not aware of any access constraints, but it is aware that some functions are public and require application authentication, which showcases the client credentials flow. The client credentials flow is a machine-to-machine (M2M) flow and happens without user intervention.

Other functions require user authentication, using an OIDC authorization code flow with PKCE. For the authorization code flow, the user is redirected to the IDP in a webview to authenticate.

Source Code

Android

The application is designed using the MVVM pattern. The application language is Kotlin.

The application uses the AppAuth library for all OIDC communication. The library can be found here:

https://github.com/openid/AppAuth-Android

REST APIs are managed through the Retrofit2 library.

iOS

The application is designed utilizing the MVVM pattern. The application language is Swift with SwiftUI for the UI side.

The application uses the AppAuth library for all OIDC communication. The library can be found here:

https://github.com/openid/AppAuth-iOS

Mobile app walkthrough

The mobile application includes a map screen. Tapping any marker on the map opens the retail location information card.

To switch to viewing warehouses, tap the tab at the top of the screen.


Tap List to open the Location screen, where you can see the list of available locations on the map. This makes it easier to find a particular store if the markers are cluttered or spread out.


Tap View Product List to view a retail location's list of products.

If you view the product list for a warehouse, you have the option of trying to move the item to a store location. This functionality is not available for stores, because you cannot move products from a store to another store.


On Android, you can access the menu at the top-left of the map screen. From the menu, you can access the login process, where you log in to a STA instance and gain employee or manager permissions for the protected APIs. To go back, tap the back (or triangle) button on your Android device.


On iOS, you can pull out the menu from the top-left button. The menu is displayed using a navigation view. The login flow is the same as on Android.


Install the demo app

Android

This application is not hosted on the Play store, so you need to sideload it onto your device or emulator.

The precompiled demo app is available on GitHub:

https://github.com/ThalesGroup/sta-api-access-management/blob/master/releases/android/APIProtectionDemo-1.0-release.apk

If you use Genymotion, follow the Genymotion installation process first. After your emulator is running, drag and drop the Android Package (APK) file onto the emulator to trigger an installation.

If you are using a personal device, you need to sideload the app. You can either email the application to your device, or sideload it via the Android Debug Bridge (adb). For ways to sideload an app onto a device, follow a guide such as:

How to sideload apps on Android:

iOS

This application is not available on the App Store, and because of app signing limitations, there is no iOS App (IPA) file that can be sideloaded. To install the app on a device, you need to pull the repo, build the project, and configure the relevant signing identities.

You can find the source code and build instructions on GitHub:

https://github.com/ThalesGroup/sta-api-access-management/tree/master/Mobile%20Application/iOS

Configure the demo app

The mobile application can be configured to work with your own server.

  1. Create a JSON file using the following schema example. Make sure the file name ends in .json.

    Email or send this file to your device and download it.

  2. Share the file with the API access management app.

  3. After the file is shared, confirm that the values have been read into the configuration screen.

Schema example

You can replace the values with values from STA to create your own schema.

{
   "apiUrl":"https://back.end.api/",
   "publicClientId":"client_credential_id",
   "publicClientSecret":"client_credential_secret",
   "publicClientWellknown":"https://{client-credential-hostname}/.well-known/openid-configuration",
   "retailClientId":"authorization_id",
   "retailClientSecret":"authorization_secret",
   "retailClientWellknown":"https://{authorization-hostname}/.well-known/openid-configuration"
}
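
A check to run on the configuration file before sharing it with the app, as an added example that is not part of the demo project's code: it verifies the seven keys of the schema example, rejects unreplaced {placeholder} values and non-HTTPS URLs, and masks the client secrets for logging. The function names, the sample values and the HTTPS requirement are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

REQUIRED_KEYS = ("apiUrl", "publicClientId", "publicClientSecret", "publicClientWellknown",
                 "retailClientId", "retailClientSecret", "retailClientWellknown")
URL_KEYS = ("apiUrl", "publicClientWellknown", "retailClientWellknown")
WELLKNOWN_SUFFIX = "/.well-known/openid-configuration"

# Constructed sample: same keys as the schema example, made-up values.
SAMPLE_OK = json.dumps({
    "apiUrl": "https://api.example.com/",
    "publicClientId": "demo-m2m-client",
    "publicClientSecret": "constructed-secret-1",
    "publicClientWellknown": "https://idp.example.com/.well-known/openid-configuration",
    "retailClientId": "demo-retail-client",
    "retailClientSecret": "constructed-secret-2",
    "retailClientWellknown": "https://idp.example.com/.well-known/openid-configuration",
})

def validate_config(text):
    """Return a list of problems in the JSON text; an empty list means OK."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or empty")
        elif "{" in value or "}" in value:
            problems.append(f"{key}: unreplaced placeholder")
        elif key in URL_KEYS:
            try:
                parts = urlsplit(value)
            except ValueError:  # malformed host, e.g. an unclosed "[" bracket
                parts = urlsplit("")
            if parts.scheme != "https" or not parts.hostname:
                problems.append(f"{key}: must be an https URL with a host")
            elif key.endswith("Wellknown") and not parts.path.endswith(WELLKNOWN_SUFFIX):
                problems.append(f"{key}: path must end with {WELLKNOWN_SUFFIX}")
    return problems

def redact(cfg):
    """Copy of cfg with the *Secret values masked, for logs or tickets."""
    return {k: ("***" if k.endswith("Secret") else v) for k, v in cfg.items()}
```

Running validate_config on the schema example exactly as printed above reports both Wellknown entries, because their {…-hostname} placeholders have not been replaced.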