Tyk and PowerDNS with REST

Dear community,

I’m working on a setup where I’m matching Tyk with PowerDNS and trying to find out if I’m heading in the right direction. The idea is the following;

I have several ‘customers’ who manage their own PowerDNS zones via the REST api,
in Tyk this translates to ‘http://tyk-gw:8080/powerdns/api/v1/servers/localhost/zones/example.com’.

My idea is to add a meta field per api-key in Tyk (which is unique for each customer)
In PowerDNS that label exists in the ‘account’ field. Which can be requested via a REST query to PowerDNS.

So this means that each incoming management query from a customer needs to be validated by a query from Tyk on the REST api from PowerDNS and match the value of a meta field with the result of a query on PowerDNS.

This whole data flow might be too complex but i don’t see another way.

I’m very eager to hear what thoughts in the community are on this setup.

Many thanks in advance!

You could try to look at the Tyk Dynamic Javascript middleware, but having every inbound request be validated by another REST call is a pretty inefficient way to validate requests. If you set up the JSVM middleware right I guess you could cache them in the sandbox.

You could look at using JSON Web Tokens, where you put the account data into the token as a claim, and then sign it with your private key, that way you can be certain the inbound data is correct (and have Tyk validate it) and still retain the metadata regarding the account info (because it is part of the token).

That makes sense. So let’s say I would put the info which I wanted to request via another REST in Redis instead. Performance-wise that would be much more efficient. I read Redis has an javascript-client. Would it be possible to access a Redis DB from the dynamic middleware scripting?

Hmmm, you’d need to experiment. The JSVM can handle quite a lot, and has been made to run all kinds of libs, but no guarantees, especially if you need raw socket access.

You could keep the cache in memory, and only do the round trip when new IDs come in.