Can we secure our API made via HandleHttpRequest like OIDC/OAuth2 based security?

Expert Contributor

Hello, can we secure our APIs in NiFi? Suppose we create a NiFi flow which utilises HandleHttpRequest for exposing an API. How to secure this? Is it possible to have OAuth2/OIDC?

2 REPLIES

@AlokKumar I absolutely love this question. YES, it is possible! I recently built an API with NiFi and guess what, no auth!! 😥 It is just a web API handling form posts, so it does nothing requiring auth, but it does respond with appropriate error codes if things happen unexpectedly. I can see you are thinking in terms of needing to add an authentication layer, which I think is required.

Two solutions:

1. Provide an auth mechanism in front of NiFi within the load balancer.
2. Build this auth check into the NiFi API flow itself.

For the latter, NiFi can do anything, right? There are many ways to do this, but after HandleHttpRequest, you could check an external system for valid user/pass, token, etc. I think your specific requirements would dictate the logic further. An invalid auth would return an appropriate HandleHttpResponse w/ 4xx error codes.

One thing I would recommend is accounting for timeouts or slow clients. If a client is waiting for an external auth check, you need to be sensitive that the call out could take too long in terms of the API connection. Make the NiFi flow account for that scenario as well to handle the client timeout. If this is a major concern, I would investigate the first solution.
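The in-flow check described in the reply above, sketched as an added example that is not part of the original thread and is not NiFi code: the decision logic a flow could apply between HandleHttpRequest and HandleHttpResponse, with a hard time budget on the external auth call. Assumptions: the request header arrives as the flowfile attribute `http.headers.Authorization`, `introspect` is a hypothetical callable returning an RFC 7662-style response, the scope name is made up, and answering 503 (fail closed) when the auth check is slow or down is this example's choice.

```python
import concurrent.futures as cf

AUTH_TIMEOUT_S = 2.0  # assumed budget; keep it well below the API client's timeout

def bearer_token(attrs):
    """Extract the bearer token from the request-header attribute, if any."""
    for name, value in attrs.items():
        if name.lower() == "http.headers.authorization":
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                return token.strip()
    return None

def authorize(attrs, introspect, required_scope, timeout=AUTH_TIMEOUT_S):
    """Return (status_code, reason) for the response side of the flow.

    `introspect` (hypothetical) asks the identity provider about a token
    and returns a dict such as {"active": True, "scope": "a b"}.
    """
    token = bearer_token(attrs)
    if token is None:
        return 401, "missing or malformed bearer token"
    pool = cf.ThreadPoolExecutor(max_workers=1)
    try:
        claims = pool.submit(introspect, token).result(timeout=timeout)
    except cf.TimeoutError:
        return 503, "auth check timed out"       # fail closed, never let it through
    except Exception:
        return 503, "auth check unavailable"     # fail closed on any IdP error
    finally:
        pool.shutdown(wait=False)                # do not hold the request open
    if not claims.get("active"):
        return 401, "token inactive or unknown"
    if required_scope not in claims.get("scope", "").split():
        return 403, "insufficient scope"
    return 200, "ok"

if __name__ == "__main__":
    # Constructed stand-in for the identity provider; no network involved.
    fake_idp = lambda t: {"active": t == "good", "scope": "orders:read"}
    for attrs in ({}, {"http.headers.Authorization": "Bearer good"},
                  {"http.headers.Authorization": "Bearer stale"}):
        print(authorize(attrs, fake_idp, "orders:read"))
```

Only the 200 outcome should route to the business logic; every other status goes straight to the response so an unauthenticated request never reaches the rest of the flow.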

Expert Contributor

Thank you @steven-matison for suggesting possible solutions. Could you please elaborate, as I am new to these terms? I used to have my APIs in Java/Spring Boot secured via OIDC/OAuth2, or even Basic for test APIs earlier. We used to have libraries in Spring Boot to configure OIDC.