1

I'm attempting to setup a prototype API using nodejs that uses 3Scale's API management.

I've been able to find their plugin intergration code, which is as follows:

var ThreeScale = require('3scale').Client;
// keep your provider key secret
var client = new ThreeScale("X");

// you will usually obtain app_id and app_key from request params
client.authrep({ app_id: "Y",
                 app_key: "Z" }, function(response){
  if(response.is_success()) {
    // continue
  } else {
    throw new Error("not authorized " + response.error_message);
  }
});

Which makes some sense to me as part of a server module. But, I'm not sure where the client's credentials are in that equation....

I see it as the client is pointing to your app, and here's the password for the app...but what about the username/password for the actual client!? where does that get checked?

I feel like I'm not grasping their architecture (possible because it's my first real node project and definitely my first time using 3Scale)...

Further, what's a client's request then look like?

4

1 回答 1

5

在 3scale 系统中 app_id 和 app_key(在此身份验证方法中)代表用户(即开发人员)的凭据。这是因为每个用户都可以拥有多个应用程序,而一个应用程序只属于一个用户,因此您不需要用户凭据。在 3scale 系统端检查凭据,如果获得授权,它们会报告使用情况并将调用转发到您的 API。

provider_key 标识您的帐户(API 所有者),您必须对其保密(如果有人得到它,他们可以冒充您)。

您是否已经查看过 3scale 的支持网站?有很多关于系统架构的有用信息,一些关于集成的教程等。你可以在这里查看它们:http: //support.3scale.net

顺便提一句。node.js 插件是一个社区插件。您也可以尝试通过 nginx 反向代理进行集成。

于 2013-04-18T11:07:30.540 回答