Authentication at the edge Toru Maesaka | Software Engineer, Fastly
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Authentication at the edgeToru Maesaka | Software Engineer, Fastly
“The Fastly API is a RESTful API that supports all features available through the Fastly user interface”
Fastly API
• Customize how you interact with Fastly
Fastly API
• Customize how you interact with Fastly• Integrate Fastly with your system
Fastly API
• Customize how you interact with Fastly• Integrate Fastly with your system• Programmatically control Fastly
Fastly API
• Customize how you interact with Fastly• Integrate Fastly with your system• Programmatically control Fastly• Do less with Automation
Recap: Fastly API key
• Available to all customers
Recap: Fastly API key
• Available to all customers• One key per customer
Recap: Fastly API key
• Available to all customers• One key per customer• Use by including in Fastly-Key reader
Fastly API key limitations
• Key rotation can cause downtime
Fastly API key limitations
• Key rotation can cause downtime• Role based access control is not available
Recap: Fastly API key
• Key rotation can cause downtime• Role based access control is not available• Affects everyone in the organization
We’ve had lots of
feedback
And we’ve listening
API TokensDesigned to solve API Key limitations
API Tokens
• API Tokens are available per user
API Tokens
• API Tokens are available per user• Users can create multiple tokens
API Tokens
• API Tokens are available per user• Users can create multiple tokens• Two-factor Authentication
API Tokens
• API Tokens are available per user• Users can create multiple tokens• Two-factor Authentication• RBAC / Token Authorization
API Tokens
• API Tokens are available per user• Users can create multiple tokens• Two-factor Authentication• RBAC / Token Authorization• Zero downtime token rotation
Token Authorization
• Just the right amount of power
Token Authorization
• Pinning a Token to a Service
Token Authorization
• Pinning a Token to a Service ✔
Token Authorization
• Authorization Scope
Scope Description
api-key Same access level as an API Key (default)
purge Purge with surrogate-key and URL
purge_all Purge an entire service
Creating a token
POST /tokens
curl -H “Fastly-OTP: 123456” \ -d “[email protected]&password=$SECRET” \ -d “name=purge_token” \ -d “scope=purge” \ https://api.fastly.com/tokens
Creating a token
POST /tokens
curl -H “Fastly-OTP: 123456” \ -d “[email protected]&password=$SECRET” \ -d “name=purge_token” \ -d “scope=purge” \ https://api.fastly.com/tokens
{ “id”: "5YvQH3Rg4bPPkhvPC6WFm2", “user_id”: "1dZ0KVnlsFXc3ZiW9hsAb3", “access_token”: "a103bb87a7b4c71ff932f871dd19dabc", “service_id”: null, “name”: "Fastly API Token", “scope”: "api-key" “created_at”: 2016-06-21T23:04:20+00:00" }
{ “id”: "5YvQH3Rg4bPPkhvPC6WFm2", “user_id”: "1dZ0KVnlsFXc3ZiW9hsAb3", “access_token”: "a103bb87a7b4c71ff932f871dd19dabc", “service_id”: null, “name”: "Fastly API Token", “scope”: "api-key" “created_at”: 2016-06-21T23:04:20+00:00" }
Revoking a token
DELETE /tokens/self Revokes a token used in the request
DELETE /tokens/:id Revokes a token based on token id
Other features
GET /tokens/self Get basic information about the token
GET /tokens List a user’s provisioned tokens
GET /customer/:id/tokens List all tokens associated to a customer (for superuser)
Where to from here?
Documentation available at:
• https://docs.fastly.com/api/auth
Related Documents
