First off I want to say how much I appreciate your efforts to track down and fix the recent, apparently authentication related, issues.
Several sites that I regularly work with handle the task of controlling access to an API from a common sign-in system with a process like this:
1. The user signs into the common sign-in (earthdata in this case) and gets a specific set "API credentials". This seems to usually be a one time procedure, though I imagine you could configure it to require periodic credential rotation if that is preferred.
2. Through "back end server magic" the API credentials are communicated to the system hosting the API.
3. When the system hosting the API receives a request, it validates the API credentials locally, then responds as appropriate.
This process both allows the API calls to be as efficient as possible and decouples the common sign-in system from routine API calls.
OBPG may want to consider using a similar system. I believe LANCE and PODAAC use a system along these lines that communicates with earthdata, so you may be able to leverage some of their work in implementing it.
Sincerely, Andrew LaRoy
- User Services
- Posts: 1429
- Joined: Wed Sep 18, 2019 6:15 pm America/New_York
- Been thanked: 1 time
Indeed we are looking to do exactly that :grin: ...been on the todo for too long, so I'm pushing to bubble it up the queue. Trouble is there's a lot of nuts to hide, and not enough squirrels...
Great minds think alike? If there's any help I can give you beyond suggestions and cheer leading (external testing perhaps?) just let me know.
As a one man production team, I certainly understand having to balance limited resources between improving existing product quality, new products and data flow issues :).