When starting the transitime-core through docker, one exposes both endpoints /web and /api to the world. We're trying to protect it using auth0 and can do it with /web, but can't with /api, since it would require passing auth0 arguments in the URL - i.e. gtfs-rt vehicle positions/trip update urls.
vsperez
commented
3 years ago 
When starting the transitime-core through docker, one exposes both endpoints /web and /api to the world. We're trying to protect it using auth0 and can do it with /web, but can't with /api, since it would require passing auth0 arguments in the URL - i.e. gtfs-rt vehicle positions/trip update urls.