Gateway service is free of login and inspection

background

There are many functions of gateway services, such as load balancing, routing and forwarding, authentication and so on. Recently, two types of problems have been encountered when making requirements. The gateway service needs to provide some support. How can users bypass the gateway authentication and avoid logging in? How to exempt the Api

Gateway without login

Recently encountered a demand: the buyer issued an inquiry on the platform, and IM client. The seller can click on the card to jump to the corresponding quotation page to make a quotation, and the buyer can Click the card to jump to the inquiry form details page to view the quotation. Because the above jumping method is to IM client, for the user's experience and efficiency, it is hoped that the jumping process will skip the login link.

IM client user and web end user both log in through the company's one account ( SSO ), and accounts between different systems are interoperable, so when IM client wakes up the browser to open the link, the identity information can be used as the url parameter, the gateway When it is detected that the identity information is carried on the access link, it will be released and routed and forwarded. The detailed process is as follows:

Gateway exemption

When talking about how to achieve gateway inspection-free, let’s first describe a real business scenario: a car owner goes to a repair shop to repair a car, and the repair shop recommends a lot of accessories of different brands to the car owner. The car owner does not know which brand of accessories to choose and hopes to repair it The manufacturer can introduce it, so the maintenance manufacturer will H5 ) to the car owner, and the car owner chooses one of the brand accessories when comparing the advantages and disadvantages of different brands.

In the above scenario, the car owner opens the H5 page through the browser to view the brand introduction information. After the page is opened, the interface will be called to obtain the business information, but the car owner is not a platform user and cannot log in. Therefore, the gateway needs to H5 link and interface from inspection. , release it. The common method for url inspection is to add the critical path /public the request path containing 061e6abd1d071c