I am trying to make sure that only one endoint is able to get through to my API. That endpoint is:
GET http://external-api.mydomain.com/myapi/v1/fetchData.
( as an example one of the endpoints which should not be reachable: GET http://external-api.mydomain.com/myapi/v1/internalLookup)
No matter how I configure my API-definition I always get
{
"error": "Requested endpoint is forbidden"
}
Key points to notice:
- I need an keyless API.
- I have tried all of the below mentioned endpoints but nothing helps (I understand that the target is to only have one which works).
- If I disabled all whitelist endpoints I have no issue reaching the upstream API.
This is my current API config:
{
"id": "5a154c3e214ddc06e4c53b41",
"name": "My API",
"slug": "myapi",
"api_id": "98916f6eb57a43b65a9a672b1fc25202",
"org_id": "5a12b183214ddc0754bb3a32",
"use_keyless": true,
"use_oauth2": false,
"use_openid": false,
"openid_options": {
"providers": [],
"segregate_by_client": false
},
"oauth_meta": {
"allowed_access_types": [],
"allowed_authorize_types": [],
"auth_login_redirect": ""
},
"auth": {
"use_param": false,
"param_name": "",
"use_cookie": false,
"cookie_name": "",
"auth_header_name": "",
"use_certificate": false
},
"use_basic_auth": false,
"use_mutual_tls_auth": false,
"client_certificates": [],
"upstream_certificates": {},
"enable_jwt": false,
"use_standard_auth": false,
"enable_coprocess_auth": false,
"jwt_signing_method": "",
"jwt_source": "",
"jwt_identity_base_field": "",
"jwt_client_base_field": "",
"jwt_policy_field_name": "",
"notifications": {
"shared_secret": "",
"oauth_on_keychange_url": ""
},
"enable_signature_checking": false,
"hmac_allowed_clock_skew": -1,
"base_identity_provided_by": "",
"definition": {
"location": "url",
"key": "version"
},
"version_data": {
"not_versioned": false,
"versions": {
"v1": {
"name": "v1",
"expires": "",
"paths": {
"ignored": [],
"white_list": [],
"black_list": []
},
"use_extended_paths": true,
"extended_paths": {
"white_list": [
{
"path": "myapi/v1/fetchData/",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
},
{
"path": "/myapi/v1/fetchData",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
},
{
"path": "/v1/fetchData",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
},
{
"path": "/fetchData/",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
},
{
"path": "fetchData/",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
},
{
"path": "/fetchData",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
},
{
"path": "fetchData",
"method_actions": {
"GET": {
"action": "reply",
"code": 200,
"data": "",
"headers": {}
}
}
}
],
"track_endpoints": [
{
"path": "/fetchData",
"method": "GET"
}
]
},
"global_headers": {},
"global_headers_remove": [],
"global_size_limit": 0,
"override_target": ""
}
}
},
"uptime_tests": {
"check_list": [
{
"url": "https://myapi.mydomain.com/health",
"method": "GET",
"headers": {},
"body": ""
}
],
"config": {
"expire_utime_after": 0,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "",
"port_data_path": "",
"target_path": "",
"use_target_list": false,
"cache_timeout": 60,
"endpoint_returns_list": false
},
"recheck_wait": 0
}
},
"proxy": {
"preserve_host_header": false,
"listen_path": "/myapi/",
"target_url": "https://myapi.mydomain.com",
"strip_listen_path": false,
"enable_load_balancing": false,
"target_list": [],
"check_host_against_uptime_tests": false,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "",
"port_data_path": "",
"target_path": "",
"use_target_list": false,
"cache_timeout": 0,
"endpoint_returns_list": false
}
},
"disable_rate_limit": true,
"disable_quota": true,
"custom_middleware": {
"pre": [],
"post": [],
"post_key_auth": [],
"auth_check": {
"name": "",
"path": "",
"require_session": false
},
"response": [],
"driver": "",
"id_extractor": {
"extract_from": "",
"extract_with": "",
"extractor_config": {}
}
},
"custom_middleware_bundle": "",
"cache_options": {
"cache_timeout": 0,
"enable_cache": false,
"cache_all_safe_requests": false,
"cache_response_codes": [],
"enable_upstream_cache_control": false
},
"session_lifetime": 0,
"active": true,
"auth_provider": {
"name": "",
"storage_engine": "",
"meta": {}
},
"session_provider": {
"name": "",
"storage_engine": "",
"meta": {}
},
"event_handlers": {
"events": {}
},
"enable_batch_request_support": false,
"enable_ip_whitelisting": false,
"allowed_ips": [],
"dont_set_quota_on_create": false,
"expire_analytics_after": 0,
"response_processors": [],
"CORS": {
"enable": true,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"debug": false
},
"domain": "",
"do_not_track": false,
"tags": [],
"enable_context_vars": false,
"config_data": {},
"tag_headers": [],
"global_rate_limit": {
"rate": 0,
"per": 0
},
"strip_auth_data": false
}