Re: API GW route configuration

2017-05-11 Thread Jeremy Mitchell
Here was the image I was trying to attach: https://cwiki.apache.org/confluence/display/TC/API+Gateway

Jeremy

On Thu, May 11, 2017 at 2:14 PM, Amir Yeshurun wrote:
> Hi Jeremy,
> Note that attachments seem to be stripped off on this list and the image
> is unavailable.

Re: Removing 'internal' from TO API

2017-05-11 Thread Amir Yeshurun
I believe this use case should be solved with rewrite rules. You don't always have the privilege to be able to mess with the service API (consider a 3rd party service, e.g. Grafana). The API layer is responsible to translate any customer facing route to the backend location of the endpoint. I

Re: API GW route configuration

2017-05-11 Thread Jeremy Mitchell
What is of utmost importance to me is the ability to ease into this. We have a TO UI right now that needs to be unaffected by the API gateway in my opinion. Granted the old UI might go away at some point but until that time it needs to function as-is. To me, the simplest approach is to key off

Re: API GW route configuration

2017-05-11 Thread Chris Lemmons
> invalidate ALL tokens by changing the token signing key

Interesting idea. That does mean that the signing key has to be retrieved every time from the authentication authority, or it'd be subject to the exact same set of attacks. But a nearly-constant rarely changing key could be communicated

Re: API GW route configuration

2017-05-11 Thread Jeremy Mitchell
Regarding the TTL on the JWT token: a 5 minute TTL seems silly. What's the point? Unless we get into refresh tokens but that sounds like OAuth...blah. What about this, and maybe I'm oversimplifying. The TTL on the JWT token is 24 hours. If we become aware that a token has been compromised,

Edge Server throughput measure

2017-05-11 Thread Burak Sarp
Hi all, Is there any way to measure the throughput of an edge server? I mean, how to create efficient load on edge servers? Thanks, Sarp

Re: Removing 'internal' from TO API

2017-05-11 Thread Jeremy Mitchell
I'm not 100% familiar with how the API gateway will work but I always assumed that it was a microservice that handled everything /api/*. For example, if you made a request to traffic-ops.domain.com/foo.jpg, the API gateway would not kick in but if you made a request to