API Key Authentication

Authenticate requests with Zuplo's fully managed API Key service. This policy is the easiest way to secure your API and can be combined with other policies, such as rate limiting and quotas, to build a fully featured API that supports your partners, developers, or customers.

For more information on Zuplo's API Key Management service and options enabling self-serve API Key management see the following resources:

Configuration

{
  "name": "my-api-key-inbound-policy",
  "policyType": "api-key-inbound",
  "handler": {
    "export": "ApiKeyInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "allowUnauthenticatedRequests": false
    }
  }
}

Options

  • name: The name of your policy instance. This is used as a reference in your routes.
  • policyType: The identifier of the policy. This is used by the Zuplo UI. Value should be api-key-inbound.
  • handler/export: The name of the exported type. Value should be ApiKeyInboundPolicy.
  • handler/module: The module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options: The options for this policy:
    • authHeader

      The name of the header with the key. Defaults to Authorization.

    • authScheme

      The scheme used on the header. Defaults to Bearer.

    • bucketName

      Optional - The name of the API Key service bucket. Defaults to the autogenerated bucket name for your project. You can contact support@zuplo.com to create a new bucket.

    • allowUnauthenticatedRequests

      Whether requests should proceed even if the policy does not successfully authenticate them. Defaults to false, which rejects any request without a valid API key (returning a 401 - Unauthorized response). Set to true to support multiple authentication methods or to support both authenticated and anonymous requests.

    • cacheTtlSeconds

      How long, in seconds, to cache authentication results for a particular key. Higher values decrease latency. Cached results remain valid until the cache expires, even if the key is deleted, etc.

    • disableAutomaticallyAddingKeyHeaderToOpenApi

      Zuplo automatically documents your API key header in your OpenAPI specification and Developer Portal. Set this to true to disable this behavior.
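
A small audit for the options above, as an added example that is not part of Zuplo's documentation or runtime: it flags policy entries where allowUnauthenticatedRequests is true, where cacheTtlSeconds exceeds a locally chosen limit, or where an option name is not one documented on this page. The function name, the 300-second limit and the sample policies are assumptions made for illustration.

```javascript
// Options documented on this page for the api-key-inbound policy.
const KNOWN_OPTIONS = new Set([
  "authHeader", "authScheme", "bucketName", "allowUnauthenticatedRequests",
  "cacheTtlSeconds", "disableAutomaticallyAddingKeyHeaderToOpenApi",
]);
// Assumed local limit on how long a deleted key may keep working; not a Zuplo default.
const MAX_CACHE_TTL_SECONDS = 300;

// Hypothetical helper: takes an array of policy objects shaped like the configuration above.
function auditApiKeyPolicies(policies, maxTtl = MAX_CACHE_TTL_SECONDS) {
  const findings = [];
  for (const policy of policies) {
    if (policy.policyType !== "api-key-inbound") continue;
    const add = (option, message) => findings.push({ policy: policy.name, option, message });
    const handler = policy.handler || {};
    const options = handler.options || {};
    if (handler.export !== "ApiKeyInboundPolicy")
      add("handler/export", "expected ApiKeyInboundPolicy");
    if (handler.module !== "$import(@zuplo/runtime)")
      add("handler/module", "expected $import(@zuplo/runtime)");
    // An option name outside the documented set is most likely a typo.
    for (const key of Object.keys(options))
      if (!KNOWN_OPTIONS.has(key)) add(key, "not a documented option (possible typo)");
    const allow = options.allowUnauthenticatedRequests;
    if (allow !== undefined && typeof allow !== "boolean")
      add("allowUnauthenticatedRequests", "expected a boolean");
    else if (allow === true)
      add("allowUnauthenticatedRequests",
        "requests without a valid key are not rejected here; another check must enforce access");
    const ttl = options.cacheTtlSeconds;
    if (typeof ttl === "number" && ttl > maxTtl)
      add("cacheTtlSeconds", `a deleted key can keep authenticating for up to ${ttl}s`);
  }
  return findings;
}

// Constructed sample input (not taken from a real project).
const samplePolicies = [
  { name: "strict-key", policyType: "api-key-inbound",
    handler: { export: "ApiKeyInboundPolicy", module: "$import(@zuplo/runtime)",
      options: { allowUnauthenticatedRequests: false, cacheTtlSeconds: 60 } } },
  { name: "loose-key", policyType: "api-key-inbound",
    handler: { export: "ApiKeyInboundPolicy", module: "$import(@zuplo/runtime)",
      options: { allowUnauthenticatedRequests: true, cacheTtlSeconds: 3600,
        allowUnauthenticatedRequest: false } } },
];
for (const f of auditApiKeyPolicies(samplePolicies))
  console.log(`${f.policy}: ${f.option}: ${f.message}`);
```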
