Question
I want to know what the best way is to secure a remote API for use by Tyk.
Let me explain:
When a call is made by the Tyk proxy, it is secure because it takes a token or other.
Now, if I want to make calls directly to the remote API without going through the Tyk proxy, there is a problem because there is no need for a token or other.
How to secure the remote API for calls not coming from Tyk?
Answer 1:
Probably the simplest way to do this would be at the network level, essentially by whitelisting your Tyk instance's IP in your firewall and blocking all other traffic. That way, only traffic sent via Tyk will be able to access your upstream API.
Another way to secure access to your API would be to inject a header into requests sent via Tyk so that a check can be performed to ensure that any requests received contain the correct header.
Source: https://stackoverflow.com/questions/42557962/how-to-secure-remote-api-for-calls-not-coming-from-tyk
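The two checks from the answer above, combined on the upstream side as a WSGI middleware. This is an added example, not part of the original answer or Tyk's own code; the header name `X-Gateway-Secret`, the secret value and the gateway address `10.0.0.5` are assumptions chosen for illustration.

```python
import hmac
import ipaddress

# Assumptions (constructed values, not from the original answer):
GATEWAY_HEADER = "HTTP_X_GATEWAY_SECRET"  # WSGI key for "X-Gateway-Secret"
SHARED_SECRET = b"constructed-sample-secret-change-me"
GATEWAY_NETS = [ipaddress.ip_network("10.0.0.5/32")]


def from_gateway(environ):
    """True only if the TCP peer is the gateway and the injected header matches."""
    try:
        # REMOTE_ADDR is the socket peer; X-Forwarded-For is client-controlled
        # and is deliberately ignored here.
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    if not any(peer in net for net in GATEWAY_NETS):
        return False
    supplied = environ.get(GATEWAY_HEADER, "").encode("utf-8", "replace")
    # Constant-time comparison avoids leaking the secret through timing.
    return hmac.compare_digest(supplied, SHARED_SECRET)


class GatewayOnly:
    """Rejects every request that did not arrive through the gateway."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not from_gateway(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        return self.app(environ, start_response)


def api(environ, start_response):
    """Stand-in for the real upstream API."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from upstream\n"]


application = GatewayOnly(api)
```

The header value is only as secret as the link it travels over, so the hop between the gateway and the upstream needs TLS, and the secret should be loaded from configuration rather than hard-coded as it is in this sample.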