cms-api | API server of Any JSON CMS | Content Management System library

I'm getting following error when I try to run the tcms-api module but following the steps given,

https://tcms-api.readthedocs.io/en/latest/modules/tcms_api.html#module-tcms_api

I'm using python 3 in CentOS, applied our own domain and certificates by mounting the certificates to docker container.

Can you please tell how to solve the SSL Certificate verification failure error?

OS: Win 10 2004 x64, Python 3.8.5, tcms-api 8.6

At first I tried to get TestRun that I created manually. It worked perfectly.

Let's say I am developing blog platform where users can register account, pay for subscription and create their own blogs. Platform consists of following microservices:

• account-service
• auth-service
• subscription-service
• blog-service
• api-gateway

I am thinking of implementing api-gw pattern where all microservices except api-gw will be deployed to private network (where they will be able to talk with each other directly either synchronically or asynchronically through message broker) and they will be publicly available only through api-gw.

There will be two clients/consumers of the API:

• frontend (for clients)
• cms (for admins)

Therefore I want to make use of separate-api-gw-per-client pattern, so actually there will be two api gateways, one for regular frontend (frontent-api-gw) and one for cms (cms-api-gw), but both will talk with same microservices.

My question is about authorization and where it should take place (or rather what are pros/cons for different approaches). Let's focus on two "endpoints":

1. frontend-api-gw::createBlog() => blog-service::createBlog()

Frontend api-gw exposes endpoint to create a new blog and this api call is "forwarded" to blog-service::createBlog() endpoint. Let's say that user is already authenticated (i.e. correct JWT with user id is passed along with request to api-gw).

The authorization that has to be made is to determine if user with this id can create new blog. This can be done by calling subscription-service to check if user has paid subscription. The main question is if this authorization should be made still on api-gw side (A) or on blog-service side (B):

1. cms-api-gw / frontend-api-gw::listBlogs() => blog-service::listBlogs()

Similar case - should userContext / JWT in any format be passed to each individual microservice and that microservice should decide what to return? Or individual microservices should not be aware of userContext (maybe only for logging purposes), rely on API GW authorization and just receive some parameters/arguments?

My thoughts:

In case A, the logic in each individual microservice is more complicated because of authorization layer. Can get more complicated where there will be more API gws, user roles etc. However API GW in this case is simpler and it only forwards requests to microservices.

In case B, the logic in each individual microservice is less complicated, simple and straightforward. However there is more logic in API GW because it has to implement authorization for all platform (at least for the part that this api gw is responsible for). Maybe it can be also advantage to have all authorization in one place and not spread across microservices?

Also in case B there is less coupling between individual microservices I think.

What do you guys think of those two approaches / maybe you have other "ideas"?