Api protection

[iNDicat0r]

So to my understanding hydra is a standalone server. Now i have got a set of apis written in golang, which need to be protected(authentication+authorization). How am i supposed to integrate hydra when it acts as a standalone server? For instance i was using an auth2 server library in php and it had to be part of my project in order for me to enforce authorization..

[aeneasr]

You will need to make HTTP calls to hydra's warden or the introspection endpoint. Hydra has a Go SDK available in the sdk directory. The http calls are documented on apiary (check readme).

Usually you don't do this in your code but instead have an api gateway (such as kong from mashape) doing this for you

[iNDicat0r]

Thanks for the response.
I don't want to depend on third party gateways etc.. therefore the first step is to integrate with my own code/infra.
So the Go SDK basically communicates with hydra using HTTP/REST, which means that hydra is completely decoupled and can be used across many languages and runtimes.

[aeneasr]

I don't want to depend on third party gateways etc.. therefore the first step is to integrate with my own code/infra.

You most definitely should. You don't want to expose your services to public traffic!

[iNDicat0r]

Thanks