Routes and Path Params

Hi all,

I’m planning on creating a service which returns data dependent on a given path parameter (e.g. HTTP/GET on “/customers/1” to retrieve all customer “1’s” data). In addition to this, there’ll also need to be a security restriction so that only specific consumers can have access to the appropriate data (e.g. consumer1 can only access “/customers/1”, consumer2 “/customers/2”, etc.).

I’m looking at using the acl plugin but it seems like I’d need to create a different route for each value of the path param so that I can restrict access at this level of granularity.

Couple of questions…

  1. Is this the correct approach?
  2. Wouldn’t this mean that the number of routes is tied to the number of customers?
  3. Can Kong cope with a large number of routes?

Thanks, Lee

My approach would be this:

  1. Create a different Kong consumer for each of your customers. They will each have their own JWT or OAuth client credentials.

  2. The route will just be a wildcard /customers/* with an acl plugin + jwt/oauth attached to it.

  3. No need for a large number of routes; you broke out access by client credentials.

  4. In your backend API, make sure you check that the URI customers/1 matches the credentials you gave to your Kong consumer on the backend, using the header UUIDs Kong passes back letting you know who the authenticated consumer is. You would probably need to store those associations in a backend DB of your own too: the relationship consumer1 <-> Kong consumer.
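
The backend check from step 4, as an added example that is not part of the original posts: it compares the customer id in the path with the consumer Kong identified in the `X-Consumer-ID` upstream header. The `authorize` function, the mapping and the UUIDs are hypothetical, and the sketch assumes the backend is reachable only through Kong, since a client that can reach it directly could set these headers itself.

```python
import re

# Constructed sample mapping (assumption): Kong consumer UUID -> customer id it may read.
# In a real service this association lives in the backend's own database.
CONSUMER_TO_CUSTOMER = {
    "11111111-1111-4111-8111-111111111111": "1",
    "22222222-2222-4222-8222-222222222222": "2",
}

# Accept only the canonical form /customers/<digits>. Anything else is rejected
# rather than normalised, so dotted or padded paths cannot alias another id.
_CUSTOMER_PATH = re.compile(r"/customers/([0-9]{1,18})")


def authorize(path, headers, mapping=CONSUMER_TO_CUSTOMER):
    """Return an HTTP status: 200 allow, 401 no identity, 403 wrong customer, 404 bad path.

    `path` is the request path without the query string.
    """
    # HTTP header names are case-insensitive, so compare on lowercased keys.
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # Kong sets X-Anonymous-Consumer: true when an auth plugin fell back to its
    # configured anonymous consumer; treat that as unauthenticated.
    if h.get("x-anonymous-consumer", "").lower() == "true":
        return 401
    consumer_id = h.get("x-consumer-id", "")
    if not consumer_id:
        return 401

    m = _CUSTOMER_PATH.fullmatch(path)
    if m is None:
        return 404

    # Deny by default: an unknown consumer or a mismatched id is forbidden.
    allowed = mapping.get(consumer_id)
    if allowed is None or allowed != m.group(1):
        return 403
    return 200
```
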