For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
API Key authentication
API keyAPI KeyA secret token used to authenticate API requests. Agentgateway can validate API keys and attach metadata to authenticated requests. authenticationAuthentication (AuthN)The process of verifying the identity of a user or service. Agentgateway supports various authentication methods including JWT, API keys, and basic authentication. enables authenticating requests based on a user-provided API key.
Tip
This policy is about authenticating incoming requests. For attaching API keys to outgoing requests, see Backend Authentication.
API Key authentication involves configuring a list of valid API keys, with associated metadata about the key (optional).
Additionally, authentication can run in three different modes:
- Strict: A valid API key must be present.
- Optional (default): If an API key exists, validate it.
Warning: This allows requests without an API key! - Permissive: Requests are never rejected. This setting is useful for usage of claims in later steps such as authorization or logging.
Warning: This allows requests without an API key!
apiKey:
mode: strict
keys:
- key: sk-testkey-1
metadata:
user: test
role: adminLater policies can now operate on the metadata associated with the API key.
For example, you can set a custom x-authenticated-user header with the authenticated user from the API key metadata.
transformations:
request:
set:
x-authenticated-user: apiKey.user