0

My organisation operates a REST API which is accessible only from within the organisation's internal network; I am working on a separate service hosted on Google Cloud which needs to call into the API.

The API exposes an OpenAPI/Swagger specification, which I want to use to create a small (on-premises) proxy application which should forward requests to the internal API (with access from the outside world restricted via e.g. an API key).

Are there any tools which might be of assistance to create or generate such a proxy, or is a different approach recommended for similar use cases? If so, how else might I go about giving my service access to the internal API?

1 Answer

0

Secure the API and make it available from the internet. Authentication is in general a good idea even on internal services, otherwise an attacker who compromised a host on the LAN could access it immediately.

An entire category of middleware exists around API gateways and identity-aware proxies. If desired, select one and use it as the external-facing interface.

A machine-readable API specification is helpful for security testing as well. Give machines, or maybe humans, the spec and have them try to do weird stuff with it. For inspiration have a look at existing OpenAPI tools.

John Mahowald
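As an added illustration of the small on-premises proxy the question describes (this is example code, not part of the question, the answer, or any gateway product), the following Go program accepts requests from outside, rejects any without a valid `X-API-Key`, and forwards the rest to the internal API using the standard library's reverse proxy. The header name `X-API-Key`, the environment variables `UPSTREAM_URL` and `PROXY_API_KEY`, the listen address `:8443` and the hostname `internal-api.example.local` are all assumptions chosen for the example. Two details matter for security: the key comparison is constant-time, and the external credential is stripped before the request reaches the internal service so that it never appears in the internal API's logs.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
)

// apiKeyHeader is the header external callers must present (assumed name).
const apiKeyHeader = "X-API-Key"

// ValidKey compares the presented key against the expected one in constant
// time, so that response timing does not reveal how many leading bytes matched.
// An empty expected key is always rejected so a misconfigured proxy fails closed.
func ValidKey(presented, expected string) bool {
	if expected == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(presented), []byte(expected)) == 1
}

// NewAPIKeyProxy returns an http.Handler that enforces the API key and then
// forwards the request unchanged (apart from the stripped key) to upstream.
func NewAPIKeyProxy(upstream *url.URL, expectedKey string) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	director := proxy.Director
	proxy.Director = func(r *http.Request) {
		director(r)
		// Present the internal API's own hostname, not the external one.
		r.Host = upstream.Host
		// Never leak the external credential to the internal service.
		r.Header.Del(apiKeyHeader)
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !ValidKey(r.Header.Get(apiKeyHeader), expectedKey) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	// Assumed configuration: internal API base URL and the shared key.
	target := os.Getenv("UPSTREAM_URL")
	if target == "" {
		target = "http://internal-api.example.local:8080" // placeholder hostname
	}
	upstream, err := url.Parse(target)
	if err != nil {
		log.Fatalf("bad UPSTREAM_URL: %v", err)
	}
	key := os.Getenv("PROXY_API_KEY")
	if key == "" {
		log.Fatal("PROXY_API_KEY must be set")
	}
	log.Printf("forwarding to %s", upstream)
	// In production terminate TLS here (http.ListenAndServeTLS) or behind a
	// TLS-terminating load balancer; the key must never travel in clear text.
	log.Fatal(http.ListenAndServe(":8443", NewAPIKeyProxy(upstream, key)))
}
```

Run it with `PROXY_API_KEY=... UPSTREAM_URL=http://... go run .` on a host that can reach the internal API, and have the Google Cloud service send the key in the `X-API-Key` header. A shared static key is the minimum the question asked for; the gateway or identity-aware proxy products the answer mentions add per-client keys, rotation, rate limiting and audit logging on top of the same pattern.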