如何保护非tyk呼叫的远程api? [英] How to secure remote api for calls not coming from tyk?

问题描述

我想知道保护由tyk使用的远程api的最佳方法是什么.

I want to know what is the best way to secure a remote api for use by tyk.

让我解释一下:

由代理tyk进行呼叫时，它是安全的，因为它需要令牌或其他令牌.

When a call this done by the proxy tyk it is secure because it takes a token or other.

现在，如果我不想通过tyk代理直接调用远程API，就会出现问题，因为不需要令牌或其他令牌.

Now if I want to make calls directly to the remote API without going through the tyk proxy there is a problem because there is no need for token or other.

如何保护非tyk呼叫的远程api?

How to secure remote api for calls not coming from tyk ?

推荐答案

大概是最简单的方法是在网络级别，基本上是将您的Tyk实例的IP列入防火墙白名单并阻止所有其他流量.只有这样，通过Tyk发送的流量才能访问您的上游API.

Probably the simplest way to do this would be at the network level, essentially by whitelisting your Tyk instance's IP in your firewall and blocking all other traffic. That way only, traffic sent via Tyk will be able to access your upstream API.

另一种安全访问API的方法是将标头注入通过Tyk发送的请求中，以便可以执行检查以确保收到的任何请求均包含正确的标头.

Another way to secure access to your API would be to inject a header into requests sent via Tyk so that a check can be performed to ensuring that any requests received contain the correct header.

这篇关于如何保护非tyk呼叫的远程api?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！