Porter Authentication

[derekpierre]

How does Porter authenticate REST API requesters?

While there is nothing to leak (in the current scope of functionality) - there is the possibility of DDOS-type attacks.

Mentioned in https://github.com/nucypher/productdev/issues/7#issuecomment-730612379.

• Infura by default requires project id API key - can also be extended to use basic auth - https://infura.io/docs/gettingStarted/authentication
• Filecoin uses basic auth: username (project id) and password (project secret) - https://infura.io/docs/filecoin#section/Securing-Your-Credentials'

[derekpierre]

It is simplified to only Basic Authentication over HTTPS via #2726 for now unless users decide they want something more robust. However, this is a sufficient starting point. More intricate functionality can be inherently obtained via Nginx proxy (reverse proxy server) sitting in front of Porter.