Authentication

To authenticate requests sent by Hasura Event Triggers, an API key is used that we generate. This key is available to the Moped API (Flask app) and the Hasura GraphQL Engine ECS Task Definition.

How the Moped API gets the API key

MOPED_API_HASURA_APIKEY is set in the environment variables of the Moped API (Flask app)
The Moped API /event/ route code gets the MOPED_API_HASURA_APIKEY and compares it to MOPED_API_APIKEY which is retrieved from the request header from the request sent from the Hasura Event Trigger
See https://github.com/cityofaustin/atd-moped/blob/main/moped-api/events/events.py#L40-L53
If these keys do not match, the request is rejected and a 403 response is sent

How the Moped Hasura GraphQL Engine gets the API key

The API key is set in the ECS Task Definition of the Moped Hasura GraphQL Engine
If you look at the ECS Task Definition JSON tab, you will find a secrets key with values that are injected as environment variables
These secrets are injected from entries in AWS Systems Manager Parameter Store
Hasura sends the API key in Event Trigger request headers

PreviousHasura Event Logs and Truncate Cron Job

Last updated 2 years ago