We’ve discussed API Management and setting up the Service and API Endpoints. As longtime champions of all the ways you could be using an API Gateway, we’re going to walk through how to take the next step with API Management and set up your Authentication.
To recap, the features of an API Gateway generally fall into three broad categories:
Here’s a quick diagram of what that looks like:
How does all of this work together? We’ve broken out a step-by-step guide on how to get started with setting up key-based authentication with Express Serverless Platform including best practices on API Management along the way.
To enable key-based authentication, we recommend adding two policies in our pipeline in this order:
Check it out:
Now we will connect our Service Endpoint to the pipeline just created. The first time we do so, an API Endpoint will be automatically created in the ‘Public’ quadrant and connected to the Gateway. This creates an end-to-end request path from the API Endpoint to the back-end service.
The API Endpoint will expect a path to be specified. Here we have specified the path ‘/now’.
So, when a request comes into the Express Serverless Platform for the URL:
Testing: Now the API endpoint should be accessible to an authenticated user.
First, let us simply access it without supplying credentials for key-based authentication.
We get a message ‘Unauthorized’, which is expected.
Now we access the API as user ‘bob’. We will receive a response from the back-end service indicating the current UTC time. To send the key-based authentication credentials, the request should be as follows:
curl -H "Authorization: apiKey ${keyId}:${keySecret}"
User ‘alice’ would also be able to access the API as shown below.
Pro Tip: API keys should only be sent over HTTPS, so that they are not intercepted on the wire. Note that Express Serverless Platform by default creates API Endpoints that are secured using the HTTPS protocol.
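To make the test results and the HTTPS tip above concrete, here is an added example (not code from Express Serverless Platform or Express Gateway) of the check a gateway has to perform on the `Authorization: apiKey keyId:keySecret` header. The key IDs, secrets, function names and the 400 status for non-HTTPS requests are assumptions made for this sketch.

```javascript
// Added illustration; not Express Gateway / Express Serverless Platform source.
const { createHash, timingSafeEqual } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// Constructed sample credentials: the article's users, made-up key values.
// Only a digest of each secret is stored, never the secret itself.
const KEY_STORE = new Map([
  ['key-bob-001', { user: 'bob', secretHash: sha256('s3cr3t-bob') }],
  ['key-alice-001', { user: 'alice', secretHash: sha256('s3cr3t-alice') }],
]);
const DUMMY_HASH = sha256('no-such-key'); // compared when the keyId is unknown

// Parse "apiKey <keyId>:<keySecret>"; return null for anything else.
function parseApiKeyHeader(value) {
  if (typeof value !== 'string') return null;
  const m = /^apiKey ([^:\s]+):(\S+)$/.exec(value.trim());
  return m ? { keyId: m[1], keySecret: m[2] } : null;
}

// Decide the response for one request. `secure` is true when it arrived over TLS.
function authenticate({ secure, headers }) {
  // A key sent in clear text is rejected (status choice is an assumption).
  if (!secure) return { status: 400, error: 'HTTPS required' };

  const creds = parseApiKeyHeader(headers.authorization);
  if (!creds) return { status: 401, error: 'Unauthorized' };

  const entry = KEY_STORE.get(creds.keyId);
  // Digests have equal length, which timingSafeEqual requires; comparing
  // even for unknown keyIds keeps both failure paths the same shape.
  const expected = entry ? entry.secretHash : DUMMY_HASH;
  const match = timingSafeEqual(sha256(creds.keySecret), expected);
  if (!entry || !match) return { status: 401, error: 'Unauthorized' };

  return { status: 200, user: entry.user };
}

// Node lower-cases incoming header names, hence `authorization`.
console.log(authenticate({ secure: true, headers: {} }));
console.log(authenticate({
  secure: true,
  headers: { authorization: 'apiKey key-bob-001:s3cr3t-bob' },
}));
```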
If you’re interested in more of these topics, join the live discussion on Twitter @lunchbadger or @express_gateway.