In the course of working on a side project, I've built a small HTTPS forward (i.e. egress) proxy to sit between my application servers and all external HTTP APIs. My proxy injects API keys into requests so that my application doesn't have to think about that.
My question is whether this is useful to anyone else or not? There are perhaps other useful things you could do with it, like add some observability features?
Thanks in advance for any feedback.
I would create a separate protected API that has an additional header such as:
And have that service lookup the URL and credentials in a secure database and create it's own request to the external service. Even better it could also be your audit log.The Forward-To-API header would be stripped and the rest of the query would be passed through.
-- This is so obvious that it must already exist!