[Flow] Implementing API key security in a Flow application
Pankaj Lele
pankaj at lelesys.com
Fri Oct 25 22:03:55 CEST 2013
Hi Søren,
I assume you must want to check the API key in some database for validity.
So instead of going in some deep firewall fiter or writing own
interceptor, you can simply create a authentication provideer and a API
key token. Then the party should be authenticated and then you can
simply implement the Policy restirctions on your Rest controllers. Did
you already try this?
-Pankaj
> Hi,
>
> I'm developing a Flow application, where we have a Rest API.
>
> For that purpose we will only accept request with a correct API key send
> along with the request.
>
> For this purpose I thought about adding it as a firewall filter like
> described in the documentation
>
> http://docs.typo3.org/flow/TYPO3FlowDocumentation/stable/TheDefinitiveGuide/PartIII/Security.html
>
>
> So I've created a Api interceptor and a voter (based on the AccessDeny
> classes), but I'm kinda stucked here.. In which one of these to should I
> implement the API key check? And how can I access the current request to
> get the controller and method name trying to be accessed?
>
> I hope you can help me in some direction
>
> Cheers
>
> Søren
--
Pankaj Lele
CTO - Lelesys, India
http://www.lelesys.com
Twitter: @pankajlele
More information about the Flow
mailing list