Integration can be painful! Through demos and use-case examples, you’ll learn tips to make it easier. We’ll cover Zuora’s new API gateway, SSO, as an authentication method, authorization, and steps to access our new microservices.

2. ≈
Tips for Working with
Zuora’s New API
Gateway
Scott Ellis
Manager, Software Engineering, Zuora

3. content
review
page
03
01introduction
A little bit about me, the
development team, and the
API Gateway project
03UI and SSO
Authentication via a browser
and Single Sign On
02working with the
APIHow to obtain credentials,
authenticate, and make API
calls
04 permissions
Understanding ABAC and
controlling user permissions

4. hello
page
04
Welcome! My name is Scott Ellis,
Engineering Manager for the API
Gateway project.
I work remotely from Australia with a team
of developers based mainly in Beijing,
San Diego, and our HQ in San Mateo.
The team.

5. overview of the API Gateway
page
05
purpose
Consolidate and protect API
access
Built on tested open-source and
open standards for
interoperability
Ensures our APIs are your APIs
functionality
Create OAuth client id and
client secret pairs for API
access and Bearer tokens for
users
Other OAuth and SAML flows
can be utilized for
authentication through the UI
and SSO
Helps monitor the health of our
systems and exploit all the
benefits of our more modular
architecture
components
Routing - responsible for
routing as well as request
rate and data volume
limiting, logging and
monitoring
Authentication - acts as an
identity provider and
supports open standards
such as OAuth and SAML for
SSO
Authorization - enables
Attribute Based Access
Control (ABAC)

6. architecture
page
06
Gateway
Authentication
Authorization
Micro-
service
Micro-
service
Micro-
service
Micro-
service
2) API Call
1) Authenticate
3) Response

7. page
07
Watch the
Demo!
Make an
Authenticated API
Call Through the
API Gateway
Create credentials
Obtain a token
Call API

8. summary
page
08
Create different client credentials for
each use case
Leverage existing OAuth libraries
Be prepared for token expiration
API calls.

9. architecture
page
09
Gateway
Authentication
Authorization
Micro-service
Micro-service
Micro-service
Micro-service
2) API Call
1) Authenticate
3) Response

10. page
010
Watch the
Demo!
Authentication for
Your Own UI
Application
Register Application
User grants access
UI presents API data

11. summary
page
011
Register applications, SSO
Access all our APIs with the
authenticated user’s permissions
SOA lets us move fast – expect more
soon
UI authentication.

12. architecture
page
012
Gateway
Authentication
Authorization
Micro-
service
Micro-
service
Micro-
service
Micro-
service
2) API Call
1) Authenticate
3) Response

13. page
013
Watch the
Demo!
Permissions in
Action
View and set permissions
Resource access
ABAC and Policies

14. summary
page
014
Controlling access to features
ABAC is a superset of RBAC
More advanced use-cases
permissions.

15. Q&A
page
015

16. thank you.