Closed kcbabo closed 2 years ago
Zendesk ticket #526 has been linked to this issue.
Resolution of this issue helps us in tracking the user (using access logs or by sending headers to upstream) who originally create the api-key. Here is another issue, we would like to solve. I created the # 526 for this reason.
User wants to generate multiple api keys, one api key per each API client. User needs to label or alias the api key for following reasons:
PRs have merged to be released in the next Portal 1.2.0 beta:
X-Solo-Username
and X-Solo-Email
headers will be added to incoming requests and will be available to upstream APIs and when access loggingNote that email will only be written for secrets created after upgrading; use of pre-existing keys will result in no X-Solo-Email
header
Is your feature request related to a problem? Please describe. The API Key used with Ext Auth contains portal-related metadata from the Environment, Product, Usage Plan, and User definition associated with the key. Here's an example of API Key metadata today:
The AuthConfig used with the generated proxy configuration for an API includes configuration to include the plan name as a header:
Unfortunately, this configuration does not include other details that would be useful for access logging and upstream APIs such as the username and email address from the Portal User object associated with the API Key. Note that the
X-User-Id
header is not actually the username - it's the name of the API Key secret.Describe the solution you'd like We would like the ability to include additional metadata from the Portal User object as headers, specifically the username and email address. The following pieces are required to make that happen:
headersFromMetadata
entries forx-solo-username
andx-solo-email
to include these headers in the upstream request.An additional option to consider here is that instead of the static addition of these headers as described above, the person configuring the Environment and API Product CRs can include gateway options that configure
headersFromMetadata
directly. I don't believe this is possible today, as Portal does not permit extAuth configuration overrides in Environments.Describe alternatives you've considered We can simulate the behavior by modifying the API Key secret to include the fields we want and the associated AuthConfig to pass them as headers. This is not a workable solution, however, because these objects are actually managed by Portal for API Products and Environments.
Additional context Add any other context or screenshots about the feature request here.