Open CallmeT-ty opened 3 months ago
Write readme or explainer for API token authorization on switchboard for communication with tech ops
I've briefly documented this here. https://www.notion.so/makerdao-ses/Internal-Documentation-Core-Dev-50bbcde54139452da0549f82531c1c19?pvs=4#5405a089bf4348acb72d5b4d27f77c75
Use the Ethereum login and API tokens to protect routes. IMO it makes sense to introduce a /admin route where only requests from addresses from the env var ADMIN_ETH_ADDRESSES are accepted.
You go to the switchboard frontend, log in with your Ethereum address and create an API key. If your Ethereum address is listed in the environment variable ADMIN_USERS="0xabc,0xcde", you are allowed to add a drive, delete a drive or update a drive. If not, you are not.
You can provide the API key when you are in the GraphQL explorer. Next to the variables you can provide an HTTP header. There you add: { Authorization: "Bearer" }
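
The check described in the comments above, as an added example that is not switchboard's own code: parse the `ADMIN_USERS` list, resolve the bearer API key to its owner address, and fail closed on anything malformed. The function names, the in-memory `tokenStore`, the sample keys and addresses, and the assumption that the header value has the form `Bearer <api key>` are all hypothetical.

```javascript
// Added example; parseAdminAllowlist, bearerToken, authorizeAdmin and tokenStore
// are hypothetical names, not part of switchboard.
const ADDRESS_RE = /^0x[0-9a-f]{40}$/;

// Parse ADMIN_USERS="0x...,0x..." into a Set of lowercase addresses.
// Malformed entries are dropped, so a typo in the env var can never widen access,
// and an unset or empty variable yields an empty set (nobody is admin).
function parseAdminAllowlist(raw) {
  const out = new Set();
  for (const part of String(raw ?? "").split(",")) {
    const addr = part.trim().toLowerCase();
    if (ADDRESS_RE.test(addr)) out.add(addr);
  }
  return out;
}

// Extract the key from an Authorization header value of the form "Bearer <key>".
// A bare "Bearer" with no key, or any other scheme, yields null.
function bearerToken(header) {
  const m = /^Bearer[ ]+([A-Za-z0-9._~+\/-]+=*)$/.exec(String(header ?? "").trim());
  return m ? m[1] : null;
}

// Decide whether a request may add, update or delete a drive.
// tokenStore maps API key -> owner address; it is a constructed stand-in for
// the server-side lookup of keys created after the Ethereum login.
function authorizeAdmin(headers, tokenStore, allowlist) {
  const token = bearerToken(headers.authorization);
  if (!token) return { ok: false, reason: "missing_or_malformed_token" };
  const owner = tokenStore.get(token);
  if (!owner) return { ok: false, reason: "unknown_token" };
  // Compare in lowercase: the same address may arrive in mixed-case checksum form.
  const addr = owner.toLowerCase();
  if (!allowlist.has(addr)) return { ok: false, reason: "not_admin" };
  return { ok: true, address: addr };
}

// Constructed sample data (not real addresses or keys).
const ADMIN = "0x" + "Ab".repeat(20);
const USER = "0x" + "12".repeat(20);
const allowlist = parseAdminAllowlist(` ${ADMIN} , not-an-address,`);
const tokenStore = new Map([["key-admin", ADMIN], ["key-user", USER]]);
```
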