Auth
Sylan does not mandate auth between Node → Provider by default. If you want to limit who can call your gateway (e.g., only Sylan nodes), add standard HTTP auth in front of your routes — the middleware will still work fine.
Options you can layer on:
- Static API key: check the `x-api-key` header before setting `res.locals.data`
- mTLS or allowlist: run behind a reverse proxy that restricts source IPs or presents client certs
- HMAC per request: sign `(requestId, apiId, timestamp)` with a shared secret

Keep auth orthogonal to the snapshot logic. AuthN happens before you compute the payload and call `next()`.
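One way to implement the HMAC option as Express-style middleware that runs before the snapshot handler. This is an added example, not Sylan's own code: the header names, the five-minute freshness window and the length-prefixed canonical string are assumptions, since the page does not define how the three fields or the signature are transmitted.

```javascript
const crypto = require("node:crypto");

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window, not a Sylan value

// Length-prefix each field so ("ab","c") and ("a","bc") cannot sign identically.
function canonical(requestId, apiId, timestamp) {
  return [requestId, apiId, timestamp]
    .map((f) => `${String(f).length}:${f}`)
    .join("|");
}

function sign(secret, requestId, apiId, timestamp) {
  return crypto.createHmac("sha256", secret)
    .update(canonical(requestId, apiId, timestamp))
    .digest("hex");
}

function verify(secret, { requestId, apiId, timestamp, signature }, now = Date.now()) {
  if (!requestId || !apiId || !timestamp || !signature) return false;
  const ts = Number(timestamp);
  // Reject stale or far-future timestamps to bound the replay window.
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) return false;
  const expected = Buffer.from(sign(secret, requestId, apiId, timestamp), "hex");
  const given = Buffer.from(String(signature), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// AuthN only: mount this ahead of the handler that sets res.locals.data.
function hmacAuth(secret) {
  return (req, res, next) => {
    const ok = verify(secret, {
      requestId: req.headers["x-request-id"], // hypothetical header names
      apiId: req.headers["x-api-id"],
      timestamp: req.headers["x-timestamp"],
      signature: req.headers["x-signature"],
    });
    if (!ok) return res.status(401).json({ error: "unauthorized" });
    next();
  };
}
```

The timestamp check only narrows the replay window; caching recently seen `requestId` values for the same interval closes it.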