leviolson
/
guardian-api-proxy
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
A single proxy server to authenticate requests to multiple internal APIs
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
30 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
guardian-api-proxy/README.md

45 lines
2.4 KiB
Raw Permalink Normal View History

Update README.md
6 years ago
Create README
8 years ago
 
  1. # Guardian API Auth Proxy #

  2. 

  3. A single proxy server to authenticate requests to multiple internal APIs.  Experimenting with using Node.js as a single point of entry to access internal APIs.  The idea being you have _a single_ entry point so APIs can remain inaccessible to the outside world and you only have to edit a single point when making security enhancements. Individual APIs are secured by having to pass a `client_id`, `username`, and `password` along with the request.  This is validated early in the request.
  4. 

  5. Added benefits include:
  6. 

  7. * A single database change to the `client_id` and you have re-secured access, if for some reason a malicious intent is discovered.  At that point, the method of entry can be addressed, and new `client_id`s can be distributed (typically in the form of an app update).
  8. * In the use-case of mobile apps, changing the `client_id` can also be detected, and this can be the basis for forcing an app update (i.e. trigger a popup to download new version from app store).
  9. * Logging API traffic is now made *super simple* and analytics become a natural/inherent part of this service.
  10. * And a lot more...
  11. 

  12. An example of how this is intended to work is as follows:
  13. 

  14. * Let's say we have an API that returns a list of books when we navigate to http://example.com/api/books.
  15. * We associate a `client_id` of `bookapiv01` to the base url above in a database (in real world use, this should be a completely random generated string so as not to be guessable).
  16. * Our "guardian" service is setup at https://guardian.serverexample.com/.
  17. * We send a post request to our new guardian server (including the uri string) which includes the following:
  18.     * `https://guardian.serverexample.com/api/books` is the url
  19.     * `client_id = booksapiv01`
  20.     * `username = allowedusername`
  21.     * `password = reallysecurepw`
  22.     * `_method = GET` (optional)
  23.     * `params = {"author":"bill"}` (optional)
  24. * The resulting response is the list of books as if we queried the API directly.  Only we successfully authenticated the request and have all the benefits mentioned above.
  25. 

  26. * Version 0.0.1 (the alpha's alpha)
  27. 

  28. ### Installation ###

  29. 

  30. * `git clone git@github.com:leothelocust/guardian-api-proxy.git`
  31. * `npm install`
  32. * `node` or `nodemon app.js`
  33. * Voila! It workie.
  34. 

  35. ### Contribution guidelines ###

  36. 

  37. * Write tests
  38. * Then code
  39. * Code review
  40. * 4 spaces (no tabs)
  41. * Submit pull request
  42. 

  43. ### Contact ###

  44. 

  45. * Levi Olson <leothelocust> on Github