I want to know what is the best way to secure a remote API for use by Tyk.

Let me explain:

When a call is done by the Tyk proxy it is secure because it takes a token or other.

Now if I want to make calls directly to the remote API without going through the Tyk proxy there is a problem because there is no need for a token or other.

How to secure the remote API for calls not coming from Tyk?

maksimov
  • Maybe you could explain what type of "security" you have in mind? Your question is extremely vague... – Volker Mar 02 '17 at 14:56
  • I want a security with which we can access the remote api only through proxy tyk. –  Mar 02 '17 at 15:15
  • This is a networking/firewall only question and has nothing to do with programming or Go. Or am I misunderstanding your problem? – Volker Mar 02 '17 at 15:38
  • I thought there was one thing to configure so that an attacker who took control of the tyk server can not access the remote apis. With the installation of a firewall, the attacker has access to the apis. –  Mar 02 '17 at 15:53
  • So we are talking about magical miracles here :-) – Volker Mar 02 '17 at 20:07
  • So if an attacker takes control of the server hosting tyk there is nothing to do? –  Mar 02 '17 at 20:24
  • I have to admit I simply have no idea about what type of "security" you are talking. – Volker Mar 02 '17 at 21:15
  • I want the remote API not to be reachable if we do not go through the tyk proxy. –  Mar 02 '17 at 21:40

1 Answer

Probably the simplest way to do this would be at the network level, essentially by whitelisting your Tyk instance's IP in your firewall and blocking all other traffic. That way, only traffic sent via Tyk will be able to access your upstream API.

Another way to secure access to your API would be to inject a header into requests sent via Tyk so that a check can be performed to ensure that any requests received contain the correct header.

kohrVid
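
The two checks suggested in the answer above, combined in the upstream API itself as Go middleware. This is an added example, not code from the answer or from Tyk; the header name `X-Gateway-Secret`, the secret value and the gateway address `10.0.0.5` are constructed assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// Assumed, constructed name: the header the gateway is configured to inject.
const gatewayHeader = "X-Gateway-Secret"

// onlyFromGateway rejects requests not sent from gatewayIP with the shared secret.
func onlyFromGateway(gatewayIP net.IP, secret string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// RemoteAddr is the TCP peer; X-Forwarded-For is client-controlled.
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		peer := net.ParseIP(host)
		fromGateway := err == nil && peer != nil && peer.Equal(gatewayIP)
		// Constant-time compare; an empty configured secret never matches.
		got := []byte(r.Header.Get(gatewayHeader))
		hasSecret := secret != "" && subtle.ConstantTimeCompare(got, []byte(secret)) == 1
		if !fromGateway || !hasSecret {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the middleware.
func statusFor(remoteAddr, headerValue string) int {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	h := onlyFromGateway(net.ParseIP("10.0.0.5"), "constructed-secret", api)
	req := httptest.NewRequest(http.MethodGet, "/orders", nil)
	req.RemoteAddr = remoteAddr
	if headerValue != "" {
		req.Header.Set(gatewayHeader, headerValue)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("10.0.0.5:41000", "constructed-secret"), statusFor("10.0.0.9:41000", "constructed-secret"), statusFor("10.0.0.5:41000", ""))
}
```

Both checks identify the gateway host, not the caller behind it, so a party that controls the gateway host holds the same source address and the same secret. The header value only stays secret if the link between gateway and upstream is encrypted.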