For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
Backend authentication
Attaches to:
When connecting to a backend, an authentication token can be attached to each request using the backend authentication policy.
To attach a static key as an Authorization value, use key:
backendAuth:
key:
value: $MY_API_KEYA file path can also be used:
backendAuth:
key:
value:
file: /path/to/my/keyBy default, the proxy retrieves the key from the Authorization header value. To use a different header name, use the location field as shown in the following example:
backendAuth:
key:
value: $MY_API_KEY
location:
# Send as a request header (default)
header:
name: authorization
prefix: "Bearer "backendAuth:
key:
value: $MY_API_KEY
location:
# Send as a query parameter
queryParameter:
name: api_keybackendAuth:
key:
value: $MY_API_KEY
location:
# Send as a cookie
cookie:
name: api_keyWhen using any form of incoming authentication, such as JWT, API key, or basic auth, the original credential is removed from the request by default before forwarding to the backend.
To pass the original credential through to the backend, use the passthrough method:
backendAuth:
passthrough: {}The passthrough method also accepts a location field to specify where to read the credential from:
backendAuth:
passthrough:
location:
header:
name: authorization
prefix: "Bearer "Google Application Default Credentials can also be used, which can be useful when connecting to GCP services:
backendAuth:
gcp: {}AWS authentication can be used to sign requests to AWS services:
backendAuth:
aws:
# Specify access key and session token
# Alternatively, leaving this empty will use the standard AWS credential lookup (https://docs.aws.amazon.com/sdkref/latest/guide/access.html) based on the environment
accessKeyId: "$AWS_ACCESS_KEY_ID"
secretAccessKey: "$AWS_SECRET_ACCESS_KEY"
sessionToken: "$AWS_SESSION_TOKEN"
region: us-west-2