External APIs to interact with other systems
Currently VRO supports JWT auth tokens, API auth keys, and mutual TLS to connect to LHDI. This is described in the links below.
Because the JWT Bearer token secures internal microservices and external API communication, VRO disables CSRF protection because, according to the Spring docs, CSRF protection is not recommended in that case. See SecurityConfig.java: the SecurityConfig defines a securityFilterChain that describes the behavior of the JWT lifecycle.
The API key is used for Swagger UI, which is a way to expose endpoints locally. (WIP)
"Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection." (Source: Spring Docs)
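The configuration below is an added example, not VRO's actual SecurityConfig.java: it shows CSRF disabled together with the two settings that make that choice sound, a stateless session policy and bearer-token-only authentication. It assumes Spring Security 6.1+ with the OAuth2 resource server starter; the package, class name, HS256 shared secret and the `example.jwt.secret` property are hypothetical.

```java
package example.security; // hypothetical package, not VRO's

import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ExampleSecurityConfig {

  @Bean
  SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        // CSRF targets credentials a browser attaches automatically (cookies).
        // Disabling it is sound only because no such credential is accepted below.
        .csrf(csrf -> csrf.disable())
        // Never create or use an HttpSession, so no session cookie can authenticate.
        .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        // Every endpoint requires an authenticated caller.
        .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
        // Validate "Authorization: Bearer <jwt>" on each request via the JwtDecoder bean.
        .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
    return http.build();
  }

  @Bean
  JwtDecoder jwtDecoder(@Value("${example.jwt.secret}") String secret) {
    // Assumption: tokens are signed with HS256 using a shared secret from config.
    SecretKeySpec key =
        new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
    return NimbusJwtDecoder.withSecretKey(key).build();
  }
}
```

If any endpoint later accepts cookie-based or form-login authentication for browser users, CSRF protection needs to be re-enabled for that filter chain.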