Disable a Route with Kong API Gateway - api-gateway

We have a service pointing to the backend in the Kong API Gateway. And each service has multiple routes associated with it.
I would like to disable/enable individual Routes in Production. Looking at the Admin API documentation, 'Update Route' API does not have any property to disable/enable the route.

Received an answer on konghq:
https://discuss.konghq.com/t/disable-a-route-with-kong-api-gateway/3735/2

Related

Only allow access of api through Api gateway and prevent accessing laravel api routes directly

I have a laravel api app where we can access the api via http://mydomain/api/v1/categories. I have also implemented kong api gateway to access those api. How to restrict the accessing of api through laravel api routes and allow only through kong api gateway.
E.g. accessing http://mydomain/api/v1/categories, which is a Laravel route, should return 404, but http://kongdomain/service1/v1/categories should return the response.
This will prevent access of API endpoints which I cannot track, and everything passes through the Kong API gateway.
Add the required parameter accessKey=examplekey in your API request, and then you can access your Laravel API with this examplekey.

AWS API gateway: Custom domain supporting multiple Http APIs

I have created two lambda functions
register
login
and both of them are getting triggered from respective "Http APIs" in the API gateway. I have set up the stage for both of them as prod. Now I want to call them using my custom subdomain, e.g. prodapi.mydomain.com, by setting the path as "v1"
prodapi.mydomain.com/v1/register
prodapi.mydomain.com/v1/login
I am able to achieve it for a single API but when I try to do API mapping for the other one using the same path, it doesn't allow that and says "ApiMapping key already exists for this domain name".
Any suggestion on how to achieve this?
Can you share the endpoint URL before adding the subdomain and after adding the subdomain?
And can you explain your endpoints, how they should look before adding the subdomain and after?

API Gateway: Mixture Of Authenticated and Unauthenticated Endpoints

I have been working on creating a platform utilizing microservices architecture with an API Gateway. One question that I'm stuck on, is how to have the API Gateway handle both authenticated and unauthenticated endpoints.
Here is a simplified and rough diagram of the system I am thinking about
For my system, I'll be using Auth0, and I think I want to have the service check if the token is valid using the public key, instead of the gateway doing it. This gives me more flexibility if I want to make one of my services public someday. And I think I want to keep my gateway small.
But how will the gateway handle a mixture of both authenticated and unauthenticated endpoints? I.e. I want to make the GET endpoint "open", and the POST endpoint require login. Which entity should manage whether an endpoint is "open" or "requires login", the gateway or the service?
Should I always have the gateway pass along the request to the service, regardless of whether the user is logged in or not, and have the service return a 401?
Or should the gateway contain some logic about which endpoints require login, and return 401 if there is no token in the request? Skipping the service entirely.
Yes, it is configured on the gateway you will be using. For example, on AWS API Gateway you can have a Lambda custom gateway authorizer for access points. The authorizer function can 'authorize' by returning ok for all requests to that endpoint.
More reading here
This is one of the main responsibilities of API Gateways in my opinion. It may depend on the specific API Gateway, but one elegant solution that we used was:
All microservices define their endpoints and whether they are protected or not in a descriptor file.
When it is deployed (perhaps in CI) it registers these definitions in the API Gateway.
API Gateway accepts the request and checks if it is protected or not.
API Gateway may enrich the request with user info if protected.
All requests beyond Gateway are accepted secure to be accepted by services.
This way we separate the concern of authentication from business logic / features.

Question about Cloudfront access API Gateway

My frontend code is deployed in Cloudfront and tries to access Lambda through API Gateway. However, the API Gateway is authenticated with AWS_IAM which means it seems that frontend cannot access it directly. So I wonder if there are any methods I can access API Gateway like for example use Cognito to act as an authorizer or something else?
I have used this AWS blog, which shows how to use API keys between an Amazon CloudFront distribution and API Gateway to secure access to your API in API Gateway in addition to your preferred authorization (AuthZ) mechanism already set up in API Gateway.

API Gateway combine results

I have separate auth service and products service.
I need to have an API gateway in front of the services and do this function for protected URLs:
Call the auth service and validate the user token.
If the token is valid, attach the user id to the request and make the request to the products service.
Is there any API gateway that supports this custom logic to handle requests?
Thanks.
The answer depends on the technology stack you are using. Which language? Which framework? Where is it deployed? Do you use client sessions or JWT? OAuth or SAML or a custom auth service?
If you can give more details we can help better. Here are three random examples:
If you have an AWS based stack (e.g. serverless) you can use AWS API Gateway with a custom auth handler. See this.
If you develop with a framework that supports middleware you can write a small middleware to handle auth. Example for golang here. Example for laravel here.
Hosting your own Zuul gateway with oauth example.
For a lot of technologies you will find standard oauth or saml components that you can use as middleware.
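
An added sketch (not from any of the posts above, and not Kong, AWS or Zuul code) of the descriptor-driven approach from the "Mixture Of Authenticated and Unauthenticated Endpoints" answer, combined with the validate-then-attach-user-id flow asked about in "API Gateway combine results". The descriptor layout, the `x-user-id` header and `validate_token` are assumptions; `validate_token` stands in for a real call to the auth service.

```python
# Added example: descriptor-driven auth decisions at a gateway (all names hypothetical).
IDENTITY_HEADER = "x-user-id"  # assumed header used to pass the verified identity downstream

# Constructed descriptors, as each service might publish them at deploy time.
DESCRIPTORS = {
    "products": [
        {"method": "GET", "path": "/products", "protected": False},
        {"method": "POST", "path": "/products", "protected": True},
    ],
}

# Constructed stand-in for the auth service: token -> user id.
VALID_TOKENS = {"tok-alice": "user-17"}


def validate_token(token):
    """Stand-in for a call to the auth service; returns a user id or None."""
    return VALID_TOKENS.get(token)


def build_route_table(descriptors):
    """Register every declared endpoint; a missing 'protected' flag fails closed."""
    table = {}
    for service, endpoints in descriptors.items():
        for ep in endpoints:
            key = (ep["method"].upper(), ep["path"])
            table[key] = (service, bool(ep.get("protected", True)))
    return table


def handle(table, method, path, headers, validate=validate_token):
    """Return (status, upstream_service, forwarded_headers); 200 means 'forwarded'."""
    route = table.get((method.upper(), path))
    if route is None:
        return 404, None, {}  # deny by default: undeclared routes never reach a service
    service, protected = route
    # Drop any identity header sent by the client so it cannot be spoofed.
    forwarded = {k.lower(): v for k, v in headers.items() if k.lower() != IDENTITY_HEADER}
    if not protected:
        return 200, service, forwarded
    scheme, _, token = forwarded.get("authorization", "").partition(" ")
    user_id = validate(token) if scheme.lower() == "bearer" and token else None
    if user_id is None:
        return 401, None, {}  # rejected at the gateway; the service is never called
    forwarded[IDENTITY_HEADER] = user_id  # enrich the request with the verified identity
    return 200, service, forwarded
```

Services can only trust the identity header if they are unreachable except through the gateway; otherwise a direct caller can set it freely.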
