-
Feature Request
-
Resolution: Done
-
Major
-
2.1 GA, SaaS
There are some scenarios where the customer might want to just expose the Backend API and track the usage (with rate limiting) rate limit it, without adding an authentication mechanism.
A policy should be able to fill in missing credentials for unauthenticated requests.
The policy configuration should have have option to select user_key / app_id+app_key and fill a value.
Then any request with missing credentials will get these by default.
This is effectively authenticating every client with some default app that can have some limits or not and can track aggregated usage.
- is documented by
-
THREESCALE-1280 Document "Anonymous API access policy" for 2.3
- Closed
- is duplicated by
-
THREESCALE-671 Anonymous Access to 3scale REST API
- Closed