How to use 3Scale's `authrep` function from a server and client perspective?

Question

I'm attempting to setup a prototype API using nodejs that uses 3Scale's API management.

I've been able to find their plugin intergration code, which is as follows:

var ThreeScale = require('3scale').Client;
// keep your provider key secret
var client = new ThreeScale("X");

// you will usually obtain app_id and app_key from request params
client.authrep({ app_id: "Y",
                 app_key: "Z" }, function(response){
  if(response.is_success()) {
    // continue
  } else {
    throw new Error("not authorized " + response.error_message);
  }
});

Which makes some sense to me as part of a server module. But, I'm not sure where the client's credentials are in that equation....

I see it as the client is pointing to your app, and here's the password for the app...but what about the username/password for the actual client!? where does that get checked?

I feel like I'm not grasping their architecture (possible because it's my first real node project and definitely my first time using 3Scale)...

Further, what's a client's request then look like?

Answer 1

in 3scale system app_id and app_key (in this authentication method) kind of represent the user's (i.e. developer's) credentials. This is due to the fact that every user can have more than one application and one application belongs just to one user, so you don't need user credentials. The credentials are checked on the 3scale system side and if authorized, they report the usage and forward the call to your API.

provider_key identifies your account (API owner) and you have to keep it secret (if someone gets it, they can impersonate you).

Did you already check the 3scale's support site? There are many useful information on the system architecture, some tutorials on integration, etc. You can check them here: http://support.3scale.net

btw. the node.js plugin is a community plugin. You can also try integration via nginx reverse proxy.