The following diagram shows how a request is processed by the Airlock Gateway using API keys with Airlock IAM.
The focus is on API key-based access control. All other API protection features, such as filtering or enforcing API specifications, are not shown.
Exemplary API access
(1) | The administrator creates a Tech-Client and issues one or more API keys in the Airlock IAM Adminapp. Note: This step can be done manually in the Adminapp web application or using the REST API. |
(2) | The API key is delivered to the Tech-Client (the API client) and attached to each API request. |
(3) | The Airlock Gateway applies all filters on the request, extracts the API key, and looks up information about the Tech-Client by calling the API Policy Service endpoint in Airlock IAM (this step may be skipped if cached information is available). |
(4) | Based on the Tech-Client attributes, the Airlock Gateway decides whether access to the API is granted and what rate limit applies. The request is passed to the API service. |
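Steps (3) and (4) can be modelled as follows. This is an added example, not Airlock code: it shows a generic gateway decision with a TTL cache in front of the policy lookup and what that cache means for a revoked key. The header name `x-api-key`, the attribute fields, the 60-second TTL and the in-memory `IAM_DIRECTORY` are assumptions made for illustration and do not reflect the actual Airlock Gateway or IAM interfaces.

```python
import time

# Constructed stand-in for the IAM policy lookup: API key -> Tech-Client attributes.
# Field names ("client", "apis", "rate_limit") are assumptions for this sketch.
IAM_DIRECTORY = {
    "key-abc": {"client": "billing-bot", "apis": {"/invoices"}, "rate_limit": 100},
}

class PolicyCache:
    """TTL cache in front of the policy lookup (step 3)."""
    def __init__(self, lookup, ttl, clock=time.monotonic):
        self.lookup, self.ttl, self.clock = lookup, ttl, clock
        self.entries = {}   # api_key -> (expires_at, attributes or None)
        self.lookups = 0    # calls that actually reached the policy service

    def get(self, api_key):
        hit = self.entries.get(api_key)
        if hit and hit[0] > self.clock():
            return hit[1]                     # served from cache, lookup skipped
        self.lookups += 1
        attrs = self.lookup(api_key)          # None when the key is unknown or revoked
        self.entries[api_key] = (self.clock() + self.ttl, attrs)
        return attrs

def decide(cache, headers, path):
    """Steps 3 and 4: extract the key, resolve the client, grant or deny."""
    api_key = headers.get("x-api-key")        # header name is an assumption
    if not api_key:
        return {"allow": False, "reason": "missing key"}
    attrs = cache.get(api_key)
    if attrs is None:                         # fail closed on unknown keys
        return {"allow": False, "reason": "unknown key"}
    if path not in attrs["apis"]:
        return {"allow": False, "reason": "api not permitted"}
    return {"allow": True, "client": attrs["client"], "rate_limit": attrs["rate_limit"]}

def demo():
    now = [0.0]                               # controllable clock for the demo
    cache = PolicyCache(lambda k: IAM_DIRECTORY.get(k), ttl=60, clock=lambda: now[0])
    hdr = {"x-api-key": "key-abc"}
    first = decide(cache, hdr, "/invoices")
    revoked = IAM_DIRECTORY.pop("key-abc")    # administrator revokes the key
    during_ttl = decide(cache, hdr, "/invoices")   # still answered from cache
    now[0] = 61.0
    after_ttl = decide(cache, hdr, "/invoices")    # cache expired, lookup denies
    IAM_DIRECTORY["key-abc"] = revoked        # restore the sample data
    return first, during_ttl, after_ttl, cache.lookups
```

In this model a revoked key keeps working until its cache entry expires, so the cache lifetime bounds how quickly a revocation takes effect.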