Story
Right now communications are "open" between Mgmt APIs and Blacklight. It might be good to have a security token of some kind passed with the requests. The Mgmt APIs are blocked by the firewall [note: need to review/confirm the setup] and should be unreachable but this would be a second line of defense.
This work should take place after #2876 (merging demo with main) but prior to release)
Acceptance
[ ] Configure security token in AWS Parameter Store
[ ] Add to Camerata
[ ] Management
[ ] Blacklight
[ ] Pass security token with OwP API requests from Blacklight
[ ] Use Authorization HTTP header
[ ] All OwP handlers in Management validate the header value
Story Right now communications are "open" between Mgmt APIs and Blacklight. It might be good to have a security token of some kind passed with the requests. The Mgmt APIs are blocked by the firewall [note: need to review/confirm the setup] and should be unreachable but this would be a second line of defense.
This work should take place after #2876 (merging demo with main) but prior to release)
Acceptance
Authorization
HTTP header