Hi, my organisation is planning to use Kong to secure an API. We are considering approached for securing the API in situations where the requests are sent to the API without going through Kong (e.g. if the API is accessed by IP).
Is there some way to tell if a request has come via Kong, that can be used by the web server to allow traffic through?
I understand I can check the IP address, but maybe there’s some way to get a signed token, in case I don’t know the IP?