Kong protecting APIs and rate limiting
I have an API, let's say api.example.com, that is protected by CORS in Kong. That API is also authenticated by the backend. Now I need to allow some external users to use the API, but I need to rate limit it first.
So, is there a way to protect a service with this OR clause natively, or should I make a plugin?
I need to allow access to the API from WEB, INTERNALS and EXTERNALS.
The conditions are:
- api.example.com can be used by a browser, protected by the CORS plugin in Kong (WEB)
- api.example.com is used outside the browser but only with an apikey (INTERNALS), so I don't need to send the apikey in my frontend requests.
- Also, if it is used without an apikey and outside the browser, it will be rate limited (EXTERNALS)
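Something like:

```
if (fromBrowser) return true;                // WEB: browser request, covered by CORS
else if (empty(apikey)) return rateLimit();  // EXTERNALS: no key, allowed only within the rate limit
else if (valid(apikey)) return true;         // INTERNALS: valid key
else return false;                           // a key was sent but it is not valid
```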
I'm also open to other topologies for this use case. I can create more DNS entries if someone proposes it. What I can't change is the main API URL, but I can create a new one for EXTERNALS users.
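
The access decision described in the question, as an added example that is not part of the original post: it evaluates the three classes in an order where a missing key reaches the rate limiter and a wrong key is rejected. The origin allowlist, the key set, the limit and window, and the `decide` and `rateLimit` names are assumptions made for illustration; this is not Kong plugin code.

```javascript
// All values below are constructed for the example.
const ALLOWED_ORIGINS = new Set(["https://www.example.com"]); // WEB frontends (assumed)
const VALID_KEYS = new Set(["internal-key-1"]);               // INTERNALS keys (constructed)
const LIMIT = 3;          // EXTERNALS: requests allowed per window
const WINDOW_MS = 60000;  // fixed window length in milliseconds

const windows = new Map(); // clientId -> { start, count }

// Fixed-window counter: true while the client is within LIMIT for the current window.
function rateLimit(clientId, now) {
  const w = windows.get(clientId);
  if (!w || now - w.start >= WINDOW_MS) {
    windows.set(clientId, { start: now, count: 1 });
    return true;
  }
  w.count += 1;
  return w.count <= LIMIT;
}

// Returns { allow, cls } for one request: { origin, apikey, clientId }.
function decide(req, now = Date.now()) {
  // WEB: the Origin header is client-supplied, so this branch classifies
  // traffic; it does not authenticate it.
  if (req.origin && ALLOWED_ORIGINS.has(req.origin)) {
    return { allow: true, cls: "WEB" };
  }
  // EXTERNALS: no key at all, allowed only within the rate limit.
  if (!req.apikey) {
    return { allow: rateLimit(req.clientId, now), cls: "EXTERNALS" };
  }
  // INTERNALS: a key was sent, so it must be valid. A bad key is rejected
  // rather than downgraded to the rate-limited class.
  return { allow: VALID_KEYS.has(req.apikey), cls: "INTERNALS" };
}
```

Because the WEB branch skips both the key check and the limiter, it is only as strong as whatever decides that a request came from the browser frontend.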
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
