Before decoupling was done, the entire key validation process was executed inside a single method named
validateKey(), which performed all the operations by running a single query. After decoupling, that single query was broken down into smaller parts by introducing
KeyValidationHandler, which which runs inside the
validateKey() operation, providing a way to extend each step.
A few examples are listed below.
|When domain You need to skip trivial steps, because its validation does not add any value and you need to skip such trivial stepsvalue.|
When creating a key via the API Store, the subscriber can specify which domains are allowed to make calls using a token granted against a particular consumer key. If this validation does not add any value, these trivial steps can be ignored and skipped by extending the
|Need You need to avoid going into detail when validating scopes|
Consider a situation where a scope is assigned to a resource and you only need to verify if the token that is used to access the API has at least one or more scopes defined for that API without going into much detail. This requirement can be achieved by extending the
|Need You need to send a different type of token instead of JSON Web Token (JWT) to pass details of API invocation to the backend||A JSON Web Token (JWT) is used to pass details of an API invocation to the backend. If a different type of token is required, you can extend the |