Calling Developers!
We are reenergizing our code contribution process! Learn More

What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hi, general question: How is the backend-gateway supposed to be protected from calls outside of Zed

Options
U01LLUGR1F0
U01LLUGR1F0 Posts: 60 🧑🏻‍🚀 - Cadet

Hi,
general question:
How is the backend-gateway supposed to be protected from calls outside of Zed (direct calls to the url)?

Comments

  • Alberto Reyer
    Alberto Reyer Lead Spryker Solution Architect / Technical Director Posts: 690 🪐 - Explorer
    Options

    There is an API token passed from the client to the gateway:

    (from config_default.php)

    $config[UserConstants::USER_SYSTEM_USERS] = [
        'yves_system',
    ];
    $config[SecuritySystemUserConstants::AUTH_DEFAULT_CREDENTIALS] = [
        'yves_system' => [
            'token' => getenv('SPRYKER_ZED_REQUEST_TOKEN') ?: '',
        ],
    ];
    
  • Alberto Reyer
    Alberto Reyer Lead Spryker Solution Architect / Technical Director Posts: 690 🪐 - Explorer
    Options

    But if you host Spryker on premise it might be wise to allow requests on Zed only from a certain network to improve the security here. Downside is that everyone who needs to have access to Zed either needs to come from these network (e.g.: VPN) or you can put the backoffice container into a DMZ like you should do with Yves as well.