Hi,
Sorry, I guess we missed your reply.
To implement your flow I did the following:
- created closed api with a key (auth token for instance),
- Created a key for with access right to this api
- Test it. all good. move on
- Create another api with the api from step 1 as the upstream target and keyless!
- On the designer endpoint I with whitelist the endpoint path I would like to expose and add header
Authorizationand set the key as the value.
Does this help?