[ckan-dev] CKAN question about APIKey
Marc.Kimpe at cronos.be
Fri Aug 5 14:09:26 BST 2011
Thanks Rufus for the answer.
I got it solved by
protecting the std-ckan with my reverse proxy
opening up only std-ckan/api - the reverse proxy thought that the
APIKey was for his authorization.
So everybody can read through the API.
Only holders of an APIKey - to be obtained from std-ckan, which is
protected - can write.
The case "(and a similar fix may be needed for reverse proxy setups)."
would apply here,
though I do not see how to do this since the reverse proxy does not
have modwsgi installed.
On 05 Aug 2011, at 14:01, Rufus Pollock wrote:
> On 5 August 2011 06:24, Kimpe Marc <Marc.Kimpe at cronos.be> wrote:
>>> I have a standard install of the CKAN software.
> Great to hear -- and perhaps you'd be up for adding some info about
> your instance to this page:
> (You'll need to register to edit at the moment)
>>> It is working fine.
>>> However there is a slight problem with reverse proxies.
>>> While I can load data with the API locally - behind my reverse
>>> it is not working if I pass through the reverse proxy.
> Just to check, if you are using modwsgi you need:
> WSGIPassAuthorization On
> Otherwise the API Key info is not necessarily passed through correctly
> (and a similar fix may be needed for reverse proxy setups).
> More info about deployment is here:
> (Please do add info about your own experiences)./
>>> Probably the APIKey being generated for the site ( tmpl-ckan) is
>>> working if I address the site through the reverse proxy ( std-
>>> ckan ).
>>> Is there a documented way to indicate the actual URL we use to
>>> generate the APIKey ?
>>> Alternatively can we disable the APIKey, since the reverse proxy is
>>> checking credentials anyway ?
> CKAN just checks the API key -- it isn't tied to a specific url so
> this should not be an issue.
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
More information about the ckan-dev