White-listing all endpoints od an micro-service

Hi,
Is it wise to white-list all endpoints of a micro-service (e.i. 100 endpoints) to prevent wrong uri (404) request to reach upstream micro-service?
Can this configuration impact performance on APIs with 300 or more endpoints?
Where is best to manage white-listing? API, policy or key level?

Regards,
BK

Hi @bkomac,

Is it wise to white-list all endpoints of a micro-service (e.i. 100 endpoints) to prevent wrong uri (404) request to reach upstream micro-service?

I think this is dependent on your service and what it’s trying to achieve. If you have other endpoints that you don’t want exposed then of course it’s a good idea. If there are performance issues with the upstream micro-service handling 404, then maybe it’s also a good idea.

Can this configuration impact performance on APIs with 300 or more endpoints?

No I don’t think so. The are always performance issues with every setup or configuration. However, since Whitelisting on Tyk takes place at the very first check I assume it is as minimal as it can be (considering we are talking about micro-seconds here).

Where is best to manage white-listing? API, policy or key level?

This depends on the use cases of everything and everyone, users or groups:
Keys => If you want to manage whitelists per user
Policy => If you want tp manage it for a group of users/keys
API => If you want everything and everyone have access

1 Like