My idea is to add a meta field per API key in Tyk (which is unique for each customer).
In PowerDNS that label exists in the ‘account’ field, which can be requested via a REST query to PowerDNS.
So this means that each incoming management query from a customer needs to be validated by a query from Tyk on the REST API from PowerDNS and match the value of a meta field with the result of a query on PowerDNS.
This whole data flow might be too complex, but I don’t see another way.
I’m very eager to hear what thoughts in the community are on this setup.
You could look at using JSON Web Tokens, where you put the account data into the token as a claim and then sign it with your private key. That way you can be certain the inbound data is correct (and have Tyk validate it) and still retain the metadata regarding the account info (because it is part of the token).
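The check suggested in the reply above, as an added example that is not part of the original thread and not Tyk's or PowerDNS's own code: a token carrying the account as a signed claim is verified with the public key, and the claim must equal the account label of the zone being managed. Assumptions: Ed25519 (EdDSA) signing, a claim named `account`, hypothetical helpers `Mint` and `Authorize`, and a zone account label that has already been read from PowerDNS.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

type claims struct {
	Account string `json:"account"` // assumed claim name for the PowerDNS account label
}

// Mint builds a compact EdDSA-signed token with the customer's account as a claim.
func Mint(priv ed25519.PrivateKey, account string) string {
	body, _ := json.Marshal(claims{Account: account})
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// Authorize verifies the signature, then requires the account claim to match the zone's label.
func Authorize(pub ed25519.PublicKey, token, zoneAccount string) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return errors.New("malformed token")
	}
	var h struct{ Alg string `json:"alg"` }
	hb, _ := b64.DecodeString(p[0])
	if json.Unmarshal(hb, &h) != nil || h.Alg != "EdDSA" {
		return errors.New("unexpected alg") // pin the algorithm instead of trusting the header
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return errors.New("bad signature")
	}
	var c claims
	pb, _ := b64.DecodeString(p[1])
	if json.Unmarshal(pb, &c) != nil || c.Account == "" || c.Account != zoneAccount {
		return errors.New("account mismatch")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	tok := Mint(priv, "customer-a") // constructed sample account label
	fmt.Println(Authorize(pub, tok, "customer-a"), Authorize(pub, tok, "customer-b"))
}
```

A token used in production would also carry an expiry claim that is checked after the signature; it is left out here to keep the example on the account match.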