Closed davinchia closed 3 years ago
Let's chat through the changes, would be great to have to add it! I'm presuming this is only something we need for external APIs?
Cool! From an authentication/authorisation viewpoint, the way we expose our APIs should not change from LiveRamp-internal/LiveRamp-external. That is, in general, all APIs require bearer authorisation to work. (At least that's how Nexus has envisioned this, and I agree with it). E.g. the direct-to-dist API requires this even though Select is LiveRamp-internal.
Generated swagger should incorporate bearer authentication to fully reflect our use of JWT as an authentication method.
One possible way to do this is to turn this on by default for all routes, and expose an excludes method to pardon certain routes.
See https://swagger.io/docs/specification/authentication/bearer-authentication/ for Swagger-specific detail.
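
The default-on-with-excludes idea from the comment above, sketched as an added example (not code from this issue or from the project). It assumes the generated document is an OpenAPI 3.0 dict; `apply_bearer_auth`, `unauthenticated_operations` and the sample routes are hypothetical names constructed for illustration.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
BEARER_SCHEME = {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}


def apply_bearer_auth(spec, excludes=(), scheme_name="bearerAuth"):
    """Copy `spec`, require JWT bearer auth everywhere except (METHOD, path) in `excludes`."""
    out = copy.deepcopy(spec)
    schemes = out.setdefault("components", {}).setdefault("securitySchemes", {})
    schemes[scheme_name] = dict(BEARER_SCHEME)
    # Top-level requirement: inherited by every operation that does not override it.
    out["security"] = [{scheme_name: []}]
    pending = {(method.lower(), path) for method, path in excludes}
    for path, item in out.get("paths", {}).items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as "parameters"
            if (method, path) in pending:
                operation["security"] = []  # empty list switches auth off for this route
                pending.discard((method, path))
            elif operation.get("security") == []:
                del operation["security"]  # fail closed: drop opt-outs nobody listed
    if pending:
        raise ValueError(f"excludes match no operation: {sorted(pending)}")
    return out


def unauthenticated_operations(spec):
    """List (METHOD, path) pairs whose effective security requirement is empty."""
    default = spec.get("security", [])
    return sorted(
        (method.upper(), path)
        for path, item in spec.get("paths", {}).items()
        for method, operation in item.items()
        if method in HTTP_METHODS and not operation.get("security", default)
    )


# Constructed sample spec: no auth declared, plus one stray per-route opt-out.
OK = {"200": {"description": "ok"}}
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "example", "version": "0"},
    "paths": {
        "/health": {"get": {"responses": OK}},
        "/segments": {"get": {"security": [], "responses": OK}, "post": {"responses": OK}},
    },
}
SECURED_SPEC = apply_bearer_auth(SAMPLE_SPEC, excludes=[("GET", "/health")])
```

Running `unauthenticated_operations` on the output in CI gives a reviewable list of every route that was pardoned, so an opt-out cannot slip in unnoticed.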