Open alexminza opened 1 year ago
For an integration with a partner we are working on we need to allow them to call a custom API endpoint developed by us in a custom VTEX IO app.
We need to be able to secure the API endpoint and allow only specific API keys to access it. The current documentation does not describe such a case and provides no examples.
https://developers.vtex.com/docs/guides/vtex-io-documentation-vrn
Looking at examples, we could not make it work with restricted access.
Fragment from the service.json file:
```json
"route-name": {
  "path": "/_v/route-name/:orderId",
  "public": true,
  "access": "authorized",
  "policies": [
    {
      "effect": "allow",
      "actions": [
        "get"
      ],
      "principals": [
        "vrn:vtex.vtex-id:*:*:*:user/vtexappkey-*",
        "vrn:vtex.vtex-id:*:{{account}}:*:user/vtexappkey-*"
      ]
    }
  ]
},
```
CC @carolinamenezes, @brunoamui
How to use VRN to restrict access to a specific user / app key?
Reference: https://github.com/vtexdocs/dev-portal-content/blob/main/docs/vtex-io/Reference/concepts/vtex-io-documentation-vrn.md