I have a Grape API application built in Ruby, and also some other microservices built in Python, Java, etc. I have to restrict some of these microservices from accessing a particular API in this Grape application.

Now, this is implemented using IP whitelisting. But every time the IP of the other microservices changes, the code of the Grape application also has to be changed, which is not stable.

Is there any better solution for this? Please help.

jemonsanto
shahana hamza
  • Have you considered implementing authentication and authorization by some kind of password, secret or API token? – spickermann Dec 10 '17 at 12:23
  • No. Is this API token set as a header? – shahana hamza Dec 11 '17 at 05:34
  • It depends. Does your application have some kind of authorization or authentication? Do you use gems like devise, pundit or cancancan? Do you need multiple roles? Or is it really just one internal service that should be allowed to call that specific API endpoint? – spickermann Dec 11 '17 at 07:12
  • It's like only some of the internal services can access the API. Right now access is given by checking the IP address of that service. – shahana hamza Dec 14 '17 at 05:43

1 Answer

Grape has built-in Basic and Digest authentication (the given block is executed in the context of the current Endpoint). Authentication applies to the current namespace and any children, but not parents.

```ruby
# Basic authentication example
http_basic do |username, password|
  # verify user's password here
  { 'test' => 'password1' }[username] == password
end
```

```ruby
# Digest authentication example:
http_digest({ realm: 'Test Api', opaque: 'app secret' }) do |username|
  # lookup the user's password here
  { 'user1' => 'password1' }[username]
end
```

More information on the differences between these two is available in other answers on StackOverflow.

More advanced authentication implementations are possible with Grape, for example OAuth2, by utilizing additional gems.

anothermh
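As an added example (not code from the question or the answer): one way to replace the IP allow-list with per-service credentials checked inside Grape's `http_basic` block. The `ServiceRegistry` class, the `INTERNAL_SERVICE_DIGESTS` variable, the `:restricted` namespace and the service names and secrets are hypothetical, constructed for illustration.

```ruby
require 'digest'

# Added example: per-service credentials for use in Grape's http_basic block.
# Service names and secrets below are constructed sample values.
class ServiceRegistry
  # digests: { 'service-name' => hex SHA-256 of that service's secret }
  def initialize(digests)
    @digests = digests
  end

  # Load "name:sha256hex" pairs from an env var (hypothetical name), so
  # rotating a secret or adding a service needs no code change.
  def self.from_env(var = 'INTERNAL_SERVICE_DIGESTS')
    pairs = ENV.fetch(var, '').split(',').map { |p| p.strip.split(':', 2) }
    new(pairs.select { |p| p.size == 2 }.to_h)
  end

  def authorized?(service, secret)
    # Unknown services are checked against a dummy digest, so the same
    # hashing and comparison run whether or not the name exists.
    expected = @digests.fetch(service.to_s, '0' * 64)
    actual = Digest::SHA256.hexdigest(secret.to_s)
    constant_time_eq?(expected, actual) && @digests.key?(service.to_s)
  end

  private

  # Compare every byte instead of stopping at the first difference.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

REGISTRY = ServiceRegistry.new({
  'billing-java' => Digest::SHA256.hexdigest('constructed-secret-1'),
  'reports-python' => Digest::SHA256.hexdigest('constructed-secret-2')
})

# Wiring, active only when the grape gem is loaded: protects one namespace.
if defined?(Grape::API)
  class InternalAPI < Grape::API
    namespace :restricted do
      http_basic { |service, secret| REGISTRY.authorized?(service, secret) }
      get { { status: 'ok' } }
    end
  end
end
```

Basic credentials travel base64-encoded in the `Authorization` header, so the endpoint has to be served over TLS.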