How do i use basic auth to secure API endpoints?

coconut · November 4, 2020, 12:30am

Ive been using caddy for awhile as a basic web server and its great. but now im interested in something a little more complicated and wanted to ask some questions before i started.
i want to use caddy to be a reverse proxy to a API beingn served over https, but I want it to be password protected and available to multiple users.

i see with basic auth i can set a username and password for the realm it “defends” (like /whatever). But what I dont understand is how would i use basic auth to protect something like an API’s endpoints (do I set a rule for each path in the API?)

my second question is, can i use basic auth with multiple users for the same realms? how would i have multiple username/passwords for the same realm (the API’s endpoints)?

thanks!

francislavoie · November 4, 2020, 7:34am

Well, it depends how your API is served. If it’s just under some path like /api, then you could just do this:

example.com {
	basicauth /api* {
		Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
	}	

	reverse_proxy your-backend:8080
}

This would ensure that any requests to anything under /api like /api/foo etc would require a username of Bob with a password of whatever that hashed to.

Please fill out the help thread template, because it’s unclear what you already have, so it’s hard to point at anything specific to do without having a better understanding.