Protect Admin REST API of SyncGateway


I have an application that will send requests to Sync Gateway through the Admin REST API. Is it possible to configure Sync Gateway to use the client credentials grant flow to request the Admin API?
My application and Sync Gateway are in different networks.
The implementation looks like this:
- Resource Owner: My application
- Resource Server: Sync Gateway
- Client Application: My application
- Authorization Server: my IDP server


@youssefl, the Sync Gateway Admin REST API does not need any credentials to access. As long as your client knows the host or IP address, the client should be able to request the Admin API, and the client application's network should be able to reach the network on which Sync Gateway is hosted.

Is there a reason your application needs to access the Admin API (in other words, what does the application do)? Would access to the Sync Gateway public API suffice? Currently the Admin API does not support authentication, so it is recommended that the admin port never be exposed outside of Sync Gateway localhost. So if an external machine needs access, then we would recommend something like SSH tunneling. Alternatively, if you are in a cloud environment, you can expose the admin port outside of localhost, but you must configure security policies that allow Admin API access to only a certain range of IP addresses. If you have an application load balancer, you can also configure it to handle authentication.

Support for Admin API authentication is on our radar.
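
An added example, not part of the thread or of Couchbase's own code: a small check that a Sync Gateway JSON config keeps the unauthenticated admin port on localhost, as recommended above. It assumes the config is plain JSON, that the admin listener is set by the `adminInterface` key, and that an absent key defaults to `127.0.0.1:4985`; the sample configs are constructed.

```python
import ipaddress
import json

# Assumption: value Sync Gateway uses when "adminInterface" is absent.
DEFAULT_ADMIN_INTERFACE = "127.0.0.1:4985"

def split_listen_address(addr):
    """Split a Go-style listen address ("host:port", ":port", "[v6]:port")."""
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not a host:port listen address: {addr!r}")
    return host.strip("[]"), int(port)

def admin_binding(config_text):
    """Return (host, port, loopback_only) for the admin API listener."""
    config = json.loads(config_text)
    addr = config.get("adminInterface", DEFAULT_ADMIN_INTERFACE)
    host, port = split_listen_address(addr)
    if host == "":
        # An empty host means "listen on every interface".
        return host, port, False
    if host.lower() == "localhost":
        return host, port, True
    try:
        return host, port, ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Any other hostname may resolve to a routable address.
        return host, port, False

def audit(config_text):
    """Describe whether the admin API is confined to localhost."""
    host, port, loopback_only = admin_binding(config_text)
    if loopback_only:
        return f"OK: admin API on {host}:{port} is reachable from localhost only"
    shown = host or "<all interfaces>"
    return (f"EXPOSED: admin API on {shown}:{port} is unauthenticated; bind it to "
            f"127.0.0.1 and use an SSH tunnel, or restrict source IPs")

# Constructed sample configs (not from the thread).
SAMPLES = {
    "default": '{"interface": ":4984"}',
    "loopback": '{"adminInterface": "127.0.0.1:4985"}',
    "ipv6-loopback": '{"adminInterface": "[::1]:4985"}',
    "all-interfaces": '{"adminInterface": ":4985"}',
    "wildcard": '{"adminInterface": "0.0.0.0:4985"}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:15} {audit(text)}")
```

The `":4985"` case is the one most easily missed: with no host part, the listener accepts connections on every interface.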