Add Security to API
Closed this issue · 0 comments
srkirkland commented
So I think the best plan is to add to the API controller an auth filter, so that every request is checked against a list of valid keys/tokens.
We've used something like this before:
https://gist.github.com/srkirkland/f72be06b457d1dad8dae87e12811d70e
Then on the controller you just add it like [AuthTokenFilter]
to the API controller class.
The one tweak would be that we'll want to store a list of valid tokens instead of one single token like the above example has. Should be pretty easy though, just read from the config and split the string into an array of valid tokens, and check that the passed-in token matches any one of those.
Note this example is from the older version of .NET, so some tweaks might be needed.