1 changed files with 45 additions and 0 deletions
Unified View
Diff Options
-
+45 -0README.md
+ 45
- 0
README.md
View File
| @ -0,0 +1,45 @@ | |||||
| # Guardian API Proxy # | |||||
| A single proxy server to authenticate requests to multiple internal APIs. Experimenting with using Node.js as a single point of entry to access internal APIs. The idea being you have _a single_ entry point so APIs can remain inaccessible to the outside world and you only have to edit a single point when making security enhancements. Individual APIs are secured by having to pass a `client_id`, `username`, and `password` along with the request. This is validated early in the request. | |||||
| Added benefits include: | |||||
| * A single database change to the `client_id` and you have re-secured access, if for some reason a malicious intent is discovered. At that point, the method of entry can be addressed, and new `client_id`s can be distributed (typically in the form of an app update). | |||||
| * In the use-case of mobile apps, changing the `client_id` can also be detected, and this can be the basis for forcing an app update (i.e. trigger a popup to download new version from app store). | |||||
| * Logging API traffic is now made *super simple* and analytics become a natural/inherent part of this service. | |||||
| * And a lot more... | |||||
| An example of how this is intended to work is as follows: | |||||
| * Let's say we have an API that returns a list of books when we navigate to http://example.com/api/books. | |||||
| * We associate a `client_id` of `bookapiv01` to the base url above in a database (in real world use, this should be a completely random generated string so as not to be guessable). | |||||
| * Our "guardian" service is setup at https://guardian.serverexample.com/. | |||||
| * We send a post request to our new guardian server (including the uri string) which includes the following: | |||||
| * `https://guardian.serverexample.com/api/books` is the url | |||||
| * `client_id = booksapiv01` | |||||
| * `username = allowedusername` | |||||
| * `password = reallysecurepw` | |||||
| * `_method = GET` (optional) | |||||
| * `params = {"author":"bill"}` (optional) | |||||
| * The resulting response is the list of books as if we queried the API directly. Only we successfully authenticated the request and have all the benefits mentioned above. | |||||
| * Version 0.0.1 (the alpha's alpha) | |||||
| ### Installation ### | |||||
| * `git clone git@github.com:leothelocust/guardian-api-proxy.git` | |||||
| * `npm install` | |||||
| * `node` or `nodemon app.js` | |||||
| * Voila! It workie. | |||||
| ### Contribution guidelines ### | |||||
| * Write tests | |||||
| * Then code | |||||
| * Code review | |||||
| * 4 spaces (no tabs) | |||||
| * Submit pull request | |||||
| ### Contact ### | |||||
| * Levi Olson <leothelocust> on Github | |||||