Move from API keys to route-based authentication for HTTP gateways #1418
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…eway docs, fix example secrets file, fix openApi template paths
vponline
commented
Sep 5, 2022
amarthadan
suggested changes
Sep 8, 2022
vponline
force-pushed
the
remove-gateway-api-keys
branch
2 times, most recently
from
d5a5270
to
66b0bc5
Compare
vponline
force-pushed
the
remove-gateway-api-keys
branch
from
66b0bc5
to
fff7ac4
Compare
amarthadan
approved these changes
Sep 9, 2022
|
Hi @vponline, I noticed that API keys are still required for heartbeat; will this be changing as well? It seems to me from an outsider's perspective that it would be more consistent; that said, there might be more compelling reasons to keep it. I'm still testing this change at the moment; I'll let you know about the results and testcases as soon as I'm done. |
Good question @martinkolenic , the heartbeat will remain as is with api keys since the idea is that API providers can setup their own heartbeat-receiving endpoints using the more traditional 'api key in header' authorization approach) 😄 |
Siegrift
pushed a commit
that referenced
this pull request
Nov 3, 2022
…1418) * Remove gateway keys from validator and configs * Remove gateway keys from local handlers, examples, request headers, gcp verification * Add gateway path_key uuid to deployer, terraform and openapi templates * Add pathKey to local gateway server * Remove unused path_key variable from terraform, add uuid to local gateway docs, fix example secrets file, fix openApi template paths * Increase npm registry ping delay * Fix GCP gateway output url * Generate gateway uuid with terraform random_uuid * Uuse constant pathKey in local gateways * Merge branch temp-v0.10.0 into remove-gateway-api-keys * Update local gateway pathKey constant
Siegrift
added a commit
that referenced
this pull request
Nov 8, 2022
* Avoid constants with side effects (#1394) * Remove constants test * Fix flaky test One of the unsafe evaluate test is flaky because the setInterval used internally might be potentially be called 4 times until the evaluation is suspended by the node VM. This fix is to change the tick period to make this even less probable. * Use API_CALL_TIMEOUT constant in tests * Remove API_CALL_TOTAL_TIMEOUT * Add worker timeout test * Refactor airnode-utilities timeouts * Rename default timeout to default blockchain call timeout * Add changeset * Fix lint * Remove unused delay configuration for deployer handlers * Merge pull request #1396 from api3dao/remove-heartbeatId Remove heartbeatId * Heartbeat signature (#1398) * Add heartbeat signing * Add changeset * Use timestamp in heartbeat signature * Heartbeat data (#1415) * Add heartbeat signing * Add changeset * Use timestamp in heartbeat signature * Add airnode_address, cloud_provider, stage, region to heartbeat payload * Add changeset * Remove airnode_address from heartbeat payload * Fix martin github account * Move from API keys to route-based authentication for HTTP gateways (#1418) * Remove gateway keys from validator and configs * Remove gateway keys from local handlers, examples, request headers, gcp verification * Add gateway path_key uuid to deployer, terraform and openapi templates * Add pathKey to local gateway server * Remove unused path_key variable from terraform, add uuid to local gateway docs, fix example secrets file, fix openApi template paths * Increase npm registry ping delay * Fix GCP gateway output url * Generate gateway uuid with terraform random_uuid * Uuse constant pathKey in local gateways * Merge branch temp-v0.10.0 into remove-gateway-api-keys * Update local gateway pathKey constant * Fix lint and tests Co-authored-by: vponline <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1374
I have tested that this works with AWS, GCP and local gateways.