diff --git a/website/blog/2023-04-12-relay_proxy_api_keys/20945235.png b/website/blog/2023-04-12-relay_proxy_api_keys/20945235.png new file mode 100644 index 00000000000..83e85080743 Binary files /dev/null and b/website/blog/2023-04-12-relay_proxy_api_keys/20945235.png differ diff --git a/website/blog/2023-04-12-relay_proxy_api_keys/index.mdx b/website/blog/2023-04-12-relay_proxy_api_keys/index.mdx new file mode 100644 index 00000000000..a83339a03cc --- /dev/null +++ b/website/blog/2023-04-12-relay_proxy_api_keys/index.mdx @@ -0,0 +1,112 @@ +--- +title: Limiting Access to the relay proxy with API Keys +description: New API Key feature in GO Feature Flag Relay Proxy 1.7.0 allows you to restrict access to the relay proxy to only known clients. +authors: [thomaspoignant] +tags: [feature flag, relay-proxy] +image: http://gofeatureflag.org/assets/images/20945235-ede9f141540af91fe5fa5fdc4f3d7fe6.png +--- +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +![security](20945235.png) + +GO Feature Flag Relay Proxy is a powerful tool that enables you to evaluate your feature flags without deploying code changes. +It allows you to test and roll out new features to your users gradually, and to monitor the performance of your code in real-time. + +With the recent release of version `v1.7.0`, GO Feature Flag Relay Proxy introduces a new feature that enhances the +security of your feature flag evaluations. +This new feature allows you to control who can access your relay proxy by configuring API Keys. + + + +## Limiting Access with API Keys + +With the release of GO Feature Flag Relay Proxy version `v1.7.0`, you can now limit access to the relay proxy by configuring API Keys. +This feature allows you to restrict access to only known clients, adding an additional layer of security to your feature flag evaluations. + +To enable this feature, you need to add a list of API Keys to your configuration. +Only requests with these API Keys will be accepted. This means that any requests without a valid API Key will be rejected. + +In your **relay proxy** configuration file it will look like this: +```yaml +# ... +# List of authorized API keys. +# Each request will need to provide one of authorized key inside Authorization header with format Bearer . +# There will be no authorization when this config is not configured. +apiKeys: + - 6147795c-4438-44f1-8ab2-18cb3fa9591f # apiKey for client 1 + - 3e3fb534-c8fd-42e9-8f2e-c80276b1685c # apiKey for client 2 + - 6603f9f8-2871-4149-81e8-8a362a8ae266 # apiKey for client 3 + - 0fc30ffe-b9bc-4398-a9f1-6f8b8486e8ce # apiKey for client 4 + - 500d222e-2654-41a4-bd31-e24a629cb78a # apiKey for client 5 + +# ... +``` + +## Using Client API Keys with Openfeature Providers + +If you are using Open Feature and our providers, we have updated them to handle the `apiKey` for you. +You can now specify your `apiKey` directly when you are initializing your provider. This will authenticate every request +to the relay proxy with this apiKey. + +To use this feature, you need to specify the client API Key in your Open Feature provider initialization. +This can be done by adding the `apiKey` like this: + + + + +```go +provider, err := gofeatureflag.NewProvider(gofeatureflag.ProviderOptions{ + //... + APIKey: "6147795c-4438-44f1-8ab2-18cb3fa9591f", +}) +``` + + + + +```dotnet +GoFeatureFlagProviderOptions options = new GoFeatureFlagProviderOptions{ + // ... + ApiKey = "6147795c-4438-44f1-8ab2-18cb3fa9591f" + } + +GoFeatureFlagProvider authenticatedProvider = new GoFeatureFlagProvider(options); +``` + + + + +```java +GoFeatureFlagProviderOptions options = + GoFeatureFlagProviderOptions.builder() + .apiKey("6147795c-4438-44f1-8ab2-18cb3fa9591f") + .endpoint(relayProxyAuthenticatedEndpoint) + .build(); + +GoFeatureFlagProvider provider = new GoFeatureFlagProvider(options); +``` + + + + +```javascript +const goFeatureFlagProvider = new GoFeatureFlagProvider({ + // ... + apiKey: '6147795c-4438-44f1-8ab2-18cb3fa9591f' +}); +``` + + + + + +## Conclusion + +The new feature of GO Feature Flag Relay Proxy 1.7.0 allows you to limit access to your relay proxy by configuring API Keys. + +This adds an extra layer of security to your feature flag evaluations, ensuring that only known clients can access your relay proxy. + +This feature is easy to configure and can be set up in a matter of minutes, giving you peace of mind knowing that your feature flags are secure. + +