diff --git a/packages/airnode-feed/README.md b/packages/airnode-feed/README.md index 14a92213..e3bcce3e 100644 --- a/packages/airnode-feed/README.md +++ b/packages/airnode-feed/README.md @@ -283,11 +283,12 @@ Configuration for the signed APIs. Each signed API is defined by a `signedApiNam example: ```jsonc -// Defines a single signed API. +// Defines a single signed API that uses AUTH_TOKEN secret as Bearer token when pushing signed data to signed API. "signedApis": [ { "name": "localhost", - "url": "http://localhost:8090" + "url": "http://localhost:8090", + "authToken": "${AUTH_TOKEN}" } ] ``` @@ -304,6 +305,13 @@ The name of the signed API. The URL of the signed API. +#### `authToken` + +The authentication token used to authenticate with the signed API. It is recommended to interpolate this value from +secrets. + +If the signed API does not require authentication, set this value to `null`. + #### `ois` Configuration for the OISes. diff --git a/packages/api/README.md b/packages/api/README.md index 602be41a..e854a9c0 100644 --- a/packages/api/README.md +++ b/packages/api/README.md @@ -145,15 +145,17 @@ The API needs to be configured with endpoints to be served. This is done via the ```jsonc // Defines two endpoints. "endpoints": [ - // Serves the non-delayed data on URL path "/real-time". + // Serves the non-delayed data on URL path "/real-time". Requesters need to provide the "some-secret-token" as Bearer token. { "urlPath": "/real-time", - "delaySeconds": 0 + "delaySeconds": 0, + "authTokens": ["some-secret-token"], }, - // Serves the data delayed by 15 seconds on URL path "/delayed". + // Serves the data delayed by 15 seconds on URL path "/delayed". No authentication is required. { "urlPath": "/delayed", - "delaySeconds": 15 + "delaySeconds": 15, + "authTokens": null, } ] ``` @@ -171,6 +173,14 @@ dashes. The delay in seconds for the endpoint. The endpoint will only serve data that is older than the delay. +###### `authTokens` + +The nonempty list of +[Bearer authentication tokens](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#bearer) allowed to query +the data. + +In case the endpoint should be publicly available, set the value to `null`. + #### `cache` _(optional)_ Configures the cache for the API endpoints. @@ -190,8 +200,8 @@ The maximum age of the cache in seconds. The cache is cleared after this time. #### `allowedAirnodes` -The list of allowed Airnode addresses. If the list is empty, no Airnode is allowed. To whitelist all Airnodes, set the -value to `"*"` instead of an array. +The list of allowed Airnodes with authorization details. If the list is empty, no Airnode is allowed. To whitelist all +Airnodes, set the value to `"*"` instead of an array. Example: @@ -203,10 +213,33 @@ Example: or ```jsonc -// Allows pushing signed data only from the specific Airnode. -"allowedAirnodes": ["0xB47E3D8734780430ee6EfeF3c5407090601Dcd15"] +// Allows pushing signed data only for the specific Airnode. No authorization is required to push the data. +"allowedAirnodes": [ { "address": "0xB47E3D8734780430ee6EfeF3c5407090601Dcd15", "authTokens": null } ] +``` + +or + +```jsonc +// Allows pushing signed data only for the specific Airnode. The pusher needs to authorize with one of the specific tokens. +"allowedAirnodes": { "address": "0xbF3137b0a7574563a23a8fC8badC6537F98197CC", "authTokens": ["some-secret-token-for-airnode-feed"] } ``` +##### `allowedAirnodes[n]` + +One of the allowed Airnodes. + +###### `address` + +The address of the Airnode. The address must be a valid Ethereum address. + +###### `authTokens` + +The nonempty list of +[Bearer authentication tokens](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#bearer). + +To allow pushing data without any authorization, set the value to `null`. The API validates the data, but this is not +recommended. + ##### `stage` An identifier of the deployment stage. This is used to distinguish between different deployments of Signed API, for