Managing Applications and Versions via Endpoints#
Introduction
Managing Omniverse Omniverse Kit Apps and their versions is a key part of working with the Omniverse Application Streaming API. By default, this is accomplished using Kubernetes with kubectl
to push Application
and ApplicationVersion
CRDs to the cluster. While this works well for administrators, it is often not an option for non-administrators, who typically lack both the necessary knowledge and the authorization to access the cluster and perform these tasks.
To make it easier for others to manage applications and their versions, you can enable editing endpoints in the Application service. This opens up a more user-friendly way to control which applications and versions are available to users of the system.
That said, enabling these endpoints does come with risks. It is critical to secure the endpoints properly through an API Gateway and make sure only authorized users with the requisite knowledge have access.
In this guide, there are step-by-step instructions for using the API to create, update, and delete applications and their versions.
Authentication and Authorization
The Omniverse Application Streaming API does not implement its own authentication and authorization mechanisms. Instead, customers are expected to bring their own authentication and authorization implementations to handle access to these API endpoints. This can be achieved through an API gateway or similar infrastructure.
The service assumes that all necessary security checks have been performed prior to invoking the API. It is the responsibility of the customer to ensure:
All requests are properly authenticated.
Users have the appropriate permissions to perform the requested operations.
Proper access controls are in place to prevent unauthorized access to the API endpoints.
Recommended approaches for implementing authentication and authorization include:
Using an API Gateway with built-in authentication and authorization features
Implementing a reverse proxy that handles authentication and authorization before forwarding requests to the API
Utilizing Identity and Access Management (IAM) solutions to manage user permissions and access tokens
Ensure your chosen solution can handle:
User authentication (verifying the identity of the user making the request)
Role-based access control (RBAC) to manage permissions for different API operations
Token validation and management
Secure transmission of credentials (e.g., using HTTPS)
Remember to follow security best practices when implementing your authentication and authorization solution, such as using strong encryption, regularly rotating secrets, and implementing proper logging and monitoring.