express-gateway API key management

I have an API backend and it will be consumed by different consumers, like our own company website, and even other websites can use our API with a certain quota/limitation. For this scope management we will be using express-gateway (eg), however this is not the only reason I am using express-gateway (eg). Now coming to my problem/misunderstanding: for our own website we can create an API key and user credentials using the eg command. But for the other users who wish to use our API, I don't want them to contact me for this integration; rather they should be able to create user credentials and an API key themselves using some facility (let us call it key management) provided by us. Here I am stuck on how to give a web platform or any other mechanism where a user can create an account and then create an API key for their own website. I was thinking to extend the express-gateway app itself and create a page where a website owner can fill in a form with various input fields that will serve as parameters for the eg command, and I can trigger the eg command in the node console, create credentials and save them in the Redis database, and then fetch that information to show it to the user as their user id and API key. But I want to know the best way, how others are doing it, like how Google, Twitter and many more are allowing users to create an API key, delete a key and regenerate the API key on compromise. One suggestion would be to use a third-party tool to manage user credentials; I will have little inertia to accept that, but even if I do so, how will I hook those third-party solutions into my express-gateway?

In general, API gateways and authentication servers are independent, or at least loosely coupled. The typical workflow is:

  1. A user browses to the Create Account page for a service.
  2. The user creates an account with the authentication server.
  3. The user makes a request through the API gateway.
  4. The API gateway checks with the authentication server whether the operation is allowed, discarding it if the user is not authorized to perform the requested action.
  5. The API gateway dispatches the request to the appropriate server.
  6. The receiving server checks whether the user is permitted to perform the action (in case the API gateway has been compromised).

Express Gateway includes its own authentication server for convenience, but the steps are basically the same. The difference is that one uses the Express Gateway Admin API to create the user and credentials rather than going to a different server.

Note that Express Gateway and its default account database (Redis) are not persistent out of the box.
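The self-service flow the answer describes (create the consumer, issue a key, deactivate and reissue it on compromise), as an added example that is not part of the original post or of Express Gateway's own code. It assumes the Admin API is reachable at `EG_ADMIN_URL` (default `http://localhost:9876`) and exposes `POST /users`, `POST /credentials` and `PUT /credentials/key-auth/:keyId/status`; the function names `registerConsumer`, `rotateKey`, `authHeader` and `fakeAdminApi` are hypothetical, and the fake Admin API is constructed here so the flow can be exercised offline.

```javascript
// Self-service key management driven through the Express Gateway Admin API (assumed endpoints:
// POST /users, POST /credentials, PUT /credentials/key-auth/:keyId/status at EG_ADMIN_URL).
// The transport is injectable so the same flow runs offline against the constructed fake below.

// Real transport: only the portal backend calls this; the Admin API itself is never exposed to users.
async function httpSend(method, path, body) {
  const res = await fetch((process.env.EG_ADMIN_URL || 'http://localhost:9876') + path,
    { method, headers: { 'content-type': 'application/json' }, body: body && JSON.stringify(body) });
  if (!res.ok) throw new Error(`${method} ${path} -> HTTP ${res.status}`);
  return res.json();
}

// Create the consumer, then issue a key-auth credential bound to it.
async function registerConsumer(send, username) {
  const user = await send('POST', '/users', { username, firstname: username, lastname: 'self-service' });
  const cred = await send('POST', '/credentials', { consumerId: user.username, type: 'key-auth' });
  // keySecret is shown to the user once; the portal itself never stores it.
  return { userId: user.id, keyId: cred.keyId, keySecret: cred.keySecret };
}

// Compromise handling: deactivate the old key before issuing the replacement.
async function rotateKey(send, username, oldKeyId) {
  await send('PUT', `/credentials/key-auth/${oldKeyId}/status`, { status: false });
  const cred = await send('POST', '/credentials', { consumerId: username, type: 'key-auth' });
  return { keyId: cred.keyId, keySecret: cred.keySecret };
}

// Authorization header the consumer then sends on requests through the gateway (key-auth policy).
function authHeader({ keyId, keySecret }) { return `apiKey ${keyId}:${keySecret}`; }

// Constructed in-memory stand-in for the Admin API so the flow is testable offline.
function fakeAdminApi() {
  const users = new Map(), creds = new Map();
  let seq = 0;
  const send = async (method, path, body) => {
    if (method === 'POST' && path === '/users') {
      const user = { id: `user-${++seq}`, ...body }; users.set(user.username, user); return user;
    }
    if (method === 'POST' && path === '/credentials') {
      if (!users.has(body.consumerId)) throw new Error('404 unknown consumer');
      const cred = { keyId: `key-${++seq}`, keySecret: `secret-${seq}`, isActive: true };
      creds.set(cred.keyId, cred); return cred;
    }
    const m = path.match(/^\/credentials\/key-auth\/([\w-]+)\/status$/);
    if (method === 'PUT' && m && creds.has(m[1])) { creds.get(m[1]).isActive = body.status; return creds.get(m[1]); }
    throw new Error(`404 ${method} ${path}`);
  };
  return { send, creds };
}
```

Swap `fakeAdminApi().send` for `httpSend` to run the same flow against a live gateway; the deactivated key is rejected by the key-auth policy while the replacement keeps working.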
