Request Authentication

Version Change
v1.0 Initial version
v1.2 New DB structure

To authenticate a request from 3C, we need to check every request for the X-API-KEY header. The key will be provided by 3C. There will be one key for staging and one for production. An IP whitelist will also be used, but this will be handled by the sysadmins.

Staging API-KEY: request from Vladislav Stratonikov

If the header is missing or the key does not match, a 401 error is to be returned.

<v1.2>

For this key, we will need a new table threecolts_app in the hub_alpha database. Here we will store the key in the field api_key.

For calls that require organization_id or other lower levels of connection (check the page in this paragraph to understand the structure), we will connect with the api_key to the respective level to validate.

Clients database structure

This information will be entered manually once per machine. The setup will be one staging/testing machine and one production machine. When this is managed from the UI, the key can be encoded. (This will be done in the future and is not in the current scope.)

</v1.2>
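
One way to implement the check described above, as an added example that is not the project's own code. It assumes Python, an in-memory SQLite database standing in for hub_alpha, and a single row in threecolts_app; the function names and the sample key are hypothetical.

```python
import hmac
import sqlite3

HEADER = "x-api-key"  # header name from the page, matched case-insensitively


def load_api_key(db):
    """Read the key from threecolts_app.api_key (assumes one row per machine)."""
    row = db.execute("SELECT api_key FROM threecolts_app LIMIT 1").fetchone()
    return row[0] if row and row[0] else None


def authenticate(headers, db):
    """Return (status, body): 401 if the header is missing or wrong, else 200."""
    expected = load_api_key(db)
    # HTTP header names are case-insensitive, so normalise before the lookup.
    supplied = {k.lower(): v for k, v in headers.items()}.get(HEADER)
    if not expected or not supplied:
        # Fail closed: an unconfigured key or an absent/empty header never passes.
        return 401, "Unauthorized"
    # Constant-time comparison so response timing does not reveal how much
    # of the supplied key matched the stored one.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, "Unauthorized"
    return 200, "OK"


def demo_db(key):
    """Constructed stand-in for hub_alpha holding only the api_key field."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE threecolts_app (api_key TEXT)")
    db.execute("INSERT INTO threecolts_app (api_key) VALUES (?)", (key,))
    return db


if __name__ == "__main__":
    db = demo_db("constructed-staging-key")  # constructed sample value
    samples = ({}, {"X-API-KEY": "wrong"}, {"x-api-key": "constructed-staging-key"})
    for hdrs in samples:
        print(hdrs, "->", authenticate(hdrs, db))
```

The same 401 body is returned for a missing header and a wrong key, so a caller cannot tell the two cases apart from the response.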
