Recommended security for backend services


#1

What options are available to secure the communication between Tyk and downstream services?

  • Mutual SSL using client and server side certificates?
  • Pass-through JWT and have the downstream service verify the signature (seems double to me)?
  • … suggestions?

Many thanks!

Robin


#2

Not yet, we get asked that a lot

You could do this, it’s computationally expensive though

The cheapest and easiest thing to do is to end-to-end SSL the connection for one, and then also have Tyk inject a shared secret into all upstream requests using the global request header injector, then have the service check for the shared secret to ensure the request originated from Tyk.
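The downstream-side half of the approach above, as an added example that is not part of the original thread or of Tyk itself: a Go HTTP middleware that rejects any request whose shared-secret header does not match, using a constant-time comparison. The header name `X-Tyk-Shared-Secret` and the `TYK_SHARED_SECRET` environment variable are assumptions; the Tyk side (global request header injection and TLS to the upstream) is assumed to be configured as the reply describes.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"os"
)

// Header name Tyk is assumed to inject via the global request header
// injector; it must match whatever name is configured on the Tyk side.
const secretHeader = "X-Tyk-Shared-Secret"

// secretMatches reports whether got equals want. An empty configured secret
// never matches, so a service started without the secret rejects everything
// instead of silently accepting all traffic. The comparison is constant-time
// so response timing does not reveal how many bytes of a guess were right.
func secretMatches(want, got string) bool {
	if want == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(got)) == 1
}

// requireSharedSecret wraps a handler so that only requests carrying the
// expected secret reach it. Rejections return a generic 403 and never echo
// the expected value or the received header back to the caller.
func requireSharedSecret(secret string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !secretMatches(secret, r.Header.Get(secretHeader)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	secret := os.Getenv("TYK_SHARED_SECRET") // assumed env var name
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("hello from the upstream service\n"))
	})
	// In production this listener should terminate TLS (ListenAndServeTLS
	// with the service's certificate) so the header is never sent in clear.
	log.Fatal(http.ListenAndServe(":8080", requireSharedSecret(secret, mux)))
}
```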


#3

Thanks Martin! Is support for mutual SSL on the roadmap today?


#4

It’s in there somewhere… :-/ I don't think it will make the cut for 2.3 though.