HTTP authorization
Attach to: Route
HTTP authorization allows defining rules to allow or deny requests based on their properties, using CEL expressions. Authorization (AuthZ) is the process of determining what actions an authenticated user or service is allowed to perform. Agentgateway supports HTTP authorization, MCP authorization, and external authorization services.
Policies can define allow and deny rules. When evaluating a request:
- If there are no policies, the request is allowed.
- If any `deny` policy matches, the request is denied.
- If any `allow` policy matches, the request is allowed.
- Otherwise, the request is denied.
```yaml
authorization:
  rules:
  - allow: 'request.path == "/authz/public"'
  - deny: 'request.path == "/authz/deny"'
  # legacy format; same as `allow: ...`
  - 'request.headers["x-allow"] == "true"'
```
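The evaluation order listed above, modelled against the three sample rules as an added example (not agentgateway's own code): Python predicates stand in for the CEL expressions, and `Request`, `authorize`, and `decision_table` are hypothetical names. It assumes a missing `x-allow` header counts as a non-match.

```python
# Model of the evaluation order described on this page. Plain Python
# predicates stand in for CEL; this is not agentgateway's implementation.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


Rule = Tuple[str, Callable[[Request], bool]]  # ("allow" | "deny", predicate)

# The three rules from the sample configuration on this page.
SAMPLE_RULES: List[Rule] = [
    ("allow", lambda r: r.path == "/authz/public"),
    ("deny", lambda r: r.path == "/authz/deny"),
    # Legacy bare-string rule; the page says it is the same as `allow: ...`.
    # Assumption: an absent header is treated as "does not match".
    ("allow", lambda r: r.headers.get("x-allow") == "true"),
]


def authorize(rules: List[Rule], req: Request) -> bool:
    """Return True if the request is allowed under the page's four steps."""
    if not rules:  # 1. no policies: allowed
        return True
    if any(kind == "deny" and pred(req) for kind, pred in rules):
        return False  # 2. any deny rule matches: denied
    if any(kind == "allow" and pred(req) for kind, pred in rules):
        return True  # 3. any allow rule matches: allowed
    return False  # 4. otherwise: denied


def decision_table() -> Dict[str, bool]:
    """Evaluate constructed sample requests against SAMPLE_RULES."""
    cases = {
        "public path": Request("/authz/public"),
        "deny path": Request("/authz/deny"),
        "deny path + x-allow": Request("/authz/deny", {"x-allow": "true"}),
        "other path + x-allow": Request("/other", {"x-allow": "true"}),
        "other path": Request("/other"),
    }
    return {name: authorize(SAMPLE_RULES, req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, allowed in decision_table().items():
        print(f"{name:22} -> {'allow' if allowed else 'deny'}")
```

The `deny path + x-allow` case is denied even though the header rule matches, and `other path` is denied because defining any rule turns the route into default-deny.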