Here was the image I was trying to attach:
https://cwiki.apache.org/confluence/display/TC/API+Gateway
Jeremy
On Thu, May 11, 2017 at 2:14 PM, Amir Yeshurun wrote:
> Hi Jeremy,
> Note that attachments seems to be stripped off on this list and the image
> is unavailable.
>
>
I believe this use case should be solved with rewrite rules.
You don't always have the privileged to be able to mess with the service
API (consider a 3rd party service, e.g. Graphana)
The API layer is responsible to translate any customer facing route to the
backend location of the endpoint.
I
What is of utmost importance to me is the ability to ease into this. We
have a TO UI right now that needs to be unaffected by the API gateway in my
opinion. Granted the old UI might go away at some point but until that time
it needs to function as-is.
To me, the simplest approach is to key off
> invalidate ALL tokens by changing the token signing key
Interesting idea. That does mean that the signing key has to be retrieved
every time from the authentication authority, or it'd be subject to the
exact same set of attacks. But a nearly-constant rarely changing key could
be communicated
Regarding the TTL on the JWT token. a 5 minute TTL seems silly. What's the
point? Unless we get into refresh tokens but that sounds like oauth...blah.
What about this and maybe i'm oversimplifying. the TTL on the jwt token is
24 hours. If we become aware that a token has been compromised,
blockquote, div.yahoo_quoted { margin-left: 0 !important; border-left:1px
#715FFA solid !important; padding-left:1ex !important; background-color:white
!important; }
Hi all,
Is there any way to measure throughput of edge server ?I mean how to create
efficient load on edge servers?
ThanksSarp
I'm not 100% familiar with how the API gateway will work but I always
assumed that it was a microservice that handled everything /api/*. For
example, if you made a request to traffic-ops.domain.com/foo.jpg, the api
gateway would not kick inbut if you made a request to