1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-25 00:07:47 +01:00

Update securing-unleash.md

This commit is contained in:
Ivar Conradi Østhus 2018-01-17 21:58:08 +01:00
parent 1c5b8864cd
commit 44047490e4

View File

@ -1,4 +1,4 @@
# Secure Unleash
# Securing Unleash
The Unleash API is split in two different paths: `/api/client` and `/api/admin`.
This makes it easy to have different authentication strategy for the admin interface and the client-api used by the applications integrating with Unleash.
@ -26,6 +26,8 @@ Examples on custom authentication hooks:
- [google-auth-hook.js](https://github.com/Unleash/unleash/blob/master/examples/google-auth-hook.js)
- [basic-auth-hook.js](https://github.com/Unleash/unleash/blob/master/examples/basic-auth-hook.js)
We also have a version of Unleash deployed on heroku which uses Google Oauth 2.0:
https://secure-unleash.herokuapp.com
## Securing the Client API
A common way to support client access is to use pre shared secrets. This can be solved by having clients send a shared key in a http header with every client requests to the Unleash API. All official Unleash clients should support this.