[ckan-dev] CKAN question about APIKey

Kimpe Marc Marc.Kimpe at cronos.be
Fri Aug 5 13:09:26 UTC 2011 

Thanks Rufus for the answer.


I got it solved by
protecting the  std-ckan  with my reverse proxy
and
opening up only  std-ckan/api  -  the reverse proxy thought that the  
APIKey was for his authorization.

So everybody can read through the API.
Only holders of an APIKey - to be obtained from std-ckan, which is  
protected - can write.


The case "(and a similar fix may be needed for reverse proxy setups)."  
would apply here,
though I do not see how to do this since the reverse proxy does not  
have modwsgi installed.


Kind Regards,

Marc


On 05 Aug 2011, at 14:01, Rufus Pollock wrote:

> On 5 August 2011 06:24, Kimpe Marc <Marc.Kimpe at cronos.be> wrote:
>>> I  have a standard install of the CKAN software.
>
> Great to hear -- and perhaps you'd be up for adding some info about
> your instance to this page:
>
> <http://wiki.ckan.net/Instances>
>
> (You'll need to register to edit at the moment)
>
>>> It is working fine.
>>>
>>>
>>> However there is a slight problem with reverse proxies.
>>>
>>> While I can load data with the API  locally -  behind my reverse
>>> proxy,
>>> it is not working if I pass through the reverse proxy.
>
> Just to check, if you are using modwsgi you need:
>
>        WSGIPassAuthorization On
>
> Otherwise the API Key info is not necessarily passed through correctly
> (and a similar fix may be needed for reverse proxy setups).
>
> More info about deployment is here:
>
> <http://wiki.ckan.net/Deployment>
>
> (Please do add info about your own experiences)./
>
>>> Probably the APIKey being generated for the site ( tmpl-ckan)  is  
>>> not
>>> working if I address the site through the reverse proxy ( std- 
>>> ckan ).
>>>
>>> Is there a documented way to indicate the actual URL we use to
>>> generate the APIKey ?
>>> or
>>> Alternatively can we disable the APIKey,  since the reverse proxy is
>>> checking credentials anyway ?
>
> CKAN just checks the API key -- it isn't tied to a specific url so
> this should not be an issue.
>
> Regards,
>
> Rufus
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev

More information about the ckan-dev mailing list