Skip to content

Exposing your API

Overview

Requests from any cloud API gateway to your API are passed through the untrusted internet. It means, you have to expose your API on a public IP address but accept requests only from trusted origins.

In order to use Project X to monetize your APIs, your API needs to accept requests from Project X and reject all requests coming from an unknow party.

At the moment, there are two ways to achieve that with Project X.

Authenticate Project X API Gateway by API key

The first technique allows you to authenticate Project X API Gateway by an API key it sends along with each request in a pre-defined header.

Configuring your API

If you're already using some API gateway, please refer to its documentation to learn how to set up API key authentication. After you've set up your API gateway and issued a new API key for Project X, refer to the next section to find out how to configure Project X to send the API key with each request.

Nginx

If you're using Nginx as a webserver, the easiest way to authenticate Project X by API keys is to use a map statement together with an if condition as shown below.

map $http_x_api_key $is_valid_key {
  default 0;
  "key1"  1;
}

server {
    location / {
        if ($is_valid_key = 0) {
            return 401; # Unauthorized
        }

        proxy_pass http://your_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

With this config, Nginx will reject all requests with the X-Api-Key header absent or having a different value than key1.

Replace the key1 with the API key you generated for Project X API Gateway and reload the webserver.

Configuring Project X API Gateway

To make Project X send the API key to your API in a header, you can use the request/response transformation feature.

It allows you to add/replace/delete HTTP headers for each proxied request.

To make Project X send the API key with each request:

  1. Navigate to APIs → choose an API → Transformations.
  2. Click Add new request transformation.
  3. Choose Target: Header, Action: Replace.

    This will add a header with the given name and value, or replace it with the specified value, if the request already has a header with this name.

  4. Enter the name of the header in which Project X API Gateway should send the API key. In the Nginx example above it's X-Api-Key.

  5. Enter the API key in the Value field.

    Please check the screenshot below for an example.

  6. Click Submit.

That's it: Project X will now add header X-Api-Key: <value> to each request.

Whitelist Project X IPs

Another way to secure your API is to whitelist Project X public IPs and block all other IP addresses from accessing your API.

The list of public Project X IPs:

5.75.137.77

Allow those in your Nginx or API gateway configuration, so that Project X is able to access it.