Hacker News new | ask | show | jobs
by _mikz 4457 days ago
You can write Lua middleware to do the Auth if you want. The traffic monitor website is protected by us, but the actual proxy is not authenticated as it could interfere with API you are using.
1 comments
jrochkind1 4457 days ago
Huh, so using this service will turn any authenticated API into an open api, usable by anyone that knows the URL?

That seems... unsuitable for most non-public apis.

link
_mikz 4457 days ago
It is a proxy, so if you don't explicitly add keys with a middleware the API will still need the auth.

But you can do key mapping: if you pass your key it will transform it to the real one and if not, then it will just return 403.

link