Using X-API-Key header to secure an LTM pool of API servers

Question

Is it possible to use any of the modules on a BIG-IP to secure a pool of API servers. I'm guessing at an APM or iRule solution but struggling to find examples. We have ASM, APM and LTM modules installed. The current solution thinking being client servers from a third party would use the X-API-Key header in their HTTPS requests to our API, we aren't considering OAuth at this time due to the added complexity. Any thoughts would be most welcome.

yann_desmarest · Answer

Hi,&nbsp;
you can use an irule to retrieve the header valie and then use either a sideband connection to validate the token or an access policy using ACCESS::policy evaluate command with an access profile containing a HTTP AAA server to validte the token&nbsp;

Forum Discussion

Using X-API-Key header to secure an LTM pool of API servers

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

Rewrite Host Header to Server Name

(HTTP) Redirection via Arbitrary Host Header

Remove X- Headers From Web Server Response

Remove the "Server" header

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS