Work with the platform to pass API keys to the Hydrocron API #187
Comments
|
Created ticket: NASD-4324 |
|
Platform uses the x-api-key header as an authentication mechanism in their architecture. They are looking into solutions but did ask if we could use a different header to pass in the "trusted partner" or heavy user API key. @frankinspace , @torimcd , @cassienickles - What do you think of asking our users to pass in an API key under a different header? |
|
Would it be possible for the end-user to still provide Just because |
|
@frankinspace - That is a great idea. I also though it might be confusing to end users to have to use a different header to send an API key in their request. Let me update the NASD ticket and see if this is a possibility. |
|
After talking with platform it might be easier to have our heavy users pass in a custom header ( I have confirmed that the header is passed to the Lambda authorizer and a truster partner IAM policy is returned. This counts against the trusted partner usage plan. I also confirmed that once the usage plan quota has been hit the API stops returning responses (an error message is returned). I think this is the best way forward which will allow us to implement two API keys in the short term and explore the integration of EDL authentication in the long term. |
|
Closing issue as we have found a solution and opened #189 to track future need and requirements for EDL authentication. |
In order to completely implement API keys in #186, we need to ensure that the user request API key is passed through our cloud infrastructure to our API endpoint. We will need to work with the platform to determine the best way to do this.
The text was updated successfully, but these errors were encountered: