I have a scenario to implement when there are two authentication options one is Oauth2 and another one is custom header "x-api-key". I want to pass the request to the backend without authorization if only the x-api-key is present. Can this be achieved using a custom filter?
Asked
Active
Viewed 101 times
1
-
Are you expecting to use other features like throttling for the requests which have x-api-key? – chashikajw Apr 21 '21 at 15:25
-
no not expecting at the moment – snfrox Apr 22 '21 at 02:00
1 Answers
0
Currently, we don't have any option for this. But you can give a try to write a custom filter including the below code and place it before the Auth filter.
string X_API_HEADER_NAME = "x-api-key";
string SKIP_ALL_FILTERS = "skip_filters";
if (request.hasHeader(X_API_HEADER_NAME)) {
context.attributes[SKIP_ALL_FILTERS] = true;
}
chashikajw
- 592
- 5
- 18
-
tried adding the filter to position 2 and 3 getting Authentication Failure error. in the logs I can see skipping preAuth & analytics filters. any idea? – snfrox Apr 23 '21 at 04:24