3scale / apisonator

Red Hat 3scale API Management Apisonator backend
https://3scale.net
Apache License 2.0

Guarantee that a previous report has been performed when calling authorization #197

Open davidor opened 4 years ago

davidor commented 4 years ago

This is a topic proposed by @unleashed. I'll quote what he said:

The problem arises when we want to report some usage and then perform an authorization. The "and then" part involves a guarantee: reporting should have been performed before authorization is evaluated.

We currently do not have a repauth endpoint (it is not clear whether that would work well without resorting to OOB jobs), so we could support this flow issuing two different calls as of now, but with a guarantee.

My idea is that apisonator could create a token when reporting, pass it to the caller, pass it to the job, and have the job create a key with a reasonable expiration time once it finishes reporting. This way, we could modify the authorization calls to receive an optional token that would be checked before proceeding with authorization. If the token did exist, the call would keep calm and carry on. Otherwise it would signal the problem and ask the client to try again soon-ish.
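The token flow proposed in the comment above, sketched as an added example (not apisonator code and not part of the original issue). The class names, the `report_done:` key prefix, the 60-second TTL, the `:retry_later` result and the in-memory store standing in for the real key store are all assumptions made for illustration.

```ruby
require 'securerandom'
# In-memory key store with expiry; stands in for the real key store (assumption).
class ExpiringKeys
  def initialize(clock)
    @clock = clock
    @expires_at = {}
  end

  def set(key, ttl)
    @expires_at[key] = @clock.call + ttl
  end

  def exist?(key)
    @expires_at.key?(key) && @clock.call < @expires_at[key]
  end
end

# Hypothetical backend: report is asynchronous, authorize takes an optional token.
class SketchBackend
  TOKEN_TTL = 60 # seconds; constructed value for "a reasonable expiration time"

  def initialize(clock = -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @keys = ExpiringKeys.new(clock)
    @queue = []
    @usage = Hash.new(0)
  end

  # Enqueue the report job and hand the caller an unguessable token for it.
  def report(metric, value)
    token = SecureRandom.hex(16)
    @queue << [token, metric, value]
    token
  end

  # Background worker: apply the usage first, only then publish the token key.
  def run_next_job
    token, metric, value = @queue.shift
    return false if token.nil?
    @usage[metric] += value
    @keys.set("report_done:#{token}", TOKEN_TTL)
    true
  end

  # No token: behave as today. Token given: the report must already be applied.
  def authorize(metric, limit, token: nil)
    return :retry_later if token && !@keys.exist?("report_done:#{token}")
    @usage[metric] < limit ? :authorized : :limit_exceeded
  end
end
```

In this sketch an expired token is indistinguishable from a report that has not finished yet, so a client that waits longer than the TTL before authorizing is told to retry even though its report was applied.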