How to mask the sessions of openziti api requests

sadath-12 · July 5, 2024, 4:44pm

Currently , I'm using password auth , but even if we use cert will still have to pass sessionID at every requests .

We don't want our users to see in network requests and able to access to controller .

Could think of adding firewalls , security rules but we give jwts for user to bring their routers so request can come from anywhere .

So question is how do we mask the information and make it more tight when sending requests .

By answering with the approaches please paste implementation guide link

qrkourier · July 5, 2024, 5:30pm

Ziti identities may or may not have the administrator privilege. Ziti identities may authenticate with a password or edge enrollment certificate or another identifying document from a trusted provider, e.g. OpenID Connect.

However the identity authenticates, it receives an API session token. It's expected that the identity has access to that token because it represents the identity.

Topic		Replies	Views
How can the authenticate API prevent brute force attacks? Ziti Overlay	4	35	November 6, 2024
Totally custom, self-maintained PKI Ziti Overlay	6	425	August 25, 2022
Flow session view General Questions	3	252	April 26, 2023
Ziti cli user question General Questions	1	357	August 25, 2022
SDK and Enrollment SDK Questions	3	155	January 22, 2024

How to mask the sessions of openziti api requests

Related topics