I have created a bunch of API keys for API gateway and have configured the gateway correctly so that the keys are required when a request is made.
The execution logs report two lines: one of the API key value itself and the other of the API key ID.
Is there any way I can have the logs also contain the api key name as well?
Related
I have my public API running on AWS API Gateway, and now I want to add API keys to it, basically to see "who is using which endpoint and how many time per month/week/whatever". My API already has user management logic, with its own users db table.
The part I need help with is the analytics part - say I have this up and running, I need to be able to extract some sort of report saying, for each user (by name), how many calls were made to each endpoint. So far, the closest I've gotten was https://stackoverflow.com/a/52361117/1514576 which gets me the info I need by API key. The part that I'm missing is how I could potentially cross-reference this data with my "users" database table.
I was hoping one of you had faced a similar problem and could share how you handled it.
Question
Can I get nginx to call another microservice inside of AKS k8s prior to it routing to the requested api? - the goal being to speed up requests (fewer hops) and simplify build and deployment (fewer services).
Explanation
In our currently deployed Azure AKS (Kubernetes) cluster, we have an additional service I was hoping to replace with nginx. It's a routing microservice that calls out to a identity API prior to doing the routing.
The reason is a common one I'd imagine, we recieve some kind of authentication token via some pre-defined header(s) (the standard Authorization header, or sometimes some bespoke ones used for debug tokens, and impersonation), we call from the routing API into the identity API with those pre-defined headers and get a user identity object in return.
We then pass on this basic user identity object into the microservices so they have quick and easy access to the user and roles.
A brief explanation would be:
Nginx receives a request, off-loads SSL and route to the requested service.
Routing API takes the authorization headers and makes a call to the Identity API.
Identity API validations the authorization information and returns either an authorization error (when auth fails), or a serialized user identity object.
Router API either returns there and then, for failure, or routes to the requested microservice (by cracking the request path), and attaches the user identity object as a header.
Requested microservice can then turn that user identity object into a Claims Principal in the case of .NET Core for example.
There are obviously options for merging the Router.API and the UserIdentity.API, but keeping the separation of concerns seems like a better move. I'd just to remove the Route.API, in-order to maintain that separation, but get nginx to do that work for me.
ProxyKit (https://github.com/damianh/ProxyKit) could be a good alternative to nginx - it allows you to easily add custom logic to certain requests (for example I lookup API keys based on a tenant in URL) and you can cache the responses using CacheCow (see a recipe in ProxyKit source)
I am working on an API project and it is going to be exposed to members of our system. We need to secure our API using API key.
When the API is invoked, we need to know which member is invoking the API.
So we need to map the key with the member some how.
I am wondering what is the best way to manage the keys. Following are the options we are aware of
For each member, keep the API keys in our backend system and manage the key in our backend and once key is changed, manually update it in API gateway
Whenever key is changed in backend system, invoke the AWS API gateway rest service to update the key in API gateway
Any other options( not looking or OAuth2 like complex key management solutions)
Api Gateway API Keys are not used for authentication but identification. Read the last pargraph here. Judging from your question that you need to know which member invokes the API Gateway etc. means that you most likely need to implement an authentication system and the best candidate here is AWS Cognito. Use the right tool for the job and don't try to reinvent the wheel.
We are looking at woocommerce Rest API and tried to find any solution to have a restriction on created api for certain user so its only that user tied data that is synced through his api keys.
Ex. User A gets api keys for his user, only products,orders,stock and customer for User A gets synced through his api keys not anything else.
Feels like its just a simple rule that can be added as a function.
I am developing a service which is suppose to browse all project IDs/buckets/objects for a particular google user.
I have created the projects using Google Console and able to get the device/user/verification-url etc..and able to get the access
and refersh tokens as well.
While I got these, I had to use the ClientID and Client_Secret_Key (which as a google user) I got to see in Google Console.
Ideally, I would like to obtain this information(ClientID and secret type) in backend by using some HTTP requests or may be by some
other means.
Is anybody aware of how to obtain these ?
Maybe you're looking for the concept of a Service Account?
A service account is like S3's Access Key ID and Secret Key -- rather than being a particular Google user's data, it's the application's data.