Skip to content

gravitee-io/gravitee-policy-apikey

BranchesTags

Repository files navigation

API Key policy

Gravitee.io License Releases CircleCI

Phase

onRequest onResponse

X

Description

You can use the api-key policy to enforce API Key checks during request processing, allowing only apps with approved API keys to access your APIs.

This policy ensures that API Keys are valid, have not been revoked or expired and are approved to consume the specific resources associated with your API.

Compatibility with APIM

Plugin version

APIM version

2.x

3.x

4.x

4.0 to latest

Configuration

Policy

You can configure the following policy level options:

Property Required Description Type Default

propagateApiKey

-

Propagate API Key to upstream API

boolean

false
Configuration
"api-key": {
  "propagateApiKey": false
}

Gateway

You can also configure the policy in the APIM Gateway configuration file (gravitee.yml). You can customize the X-Gravitee-Api-Key header and api-key query parameter.

Configuration
policy:
  api-key:
    header: My-Custom-Api-Key
    param: custom-api-key

Errors

You can use the response template feature to override the default response provided by the policy. These templates must be defined at the API level (see the API Console Response Templates option in the API Proxy menu).

The error keys sent by this policy are as follows:

Key Parameters

API_KEY_MISSING

-

API_KEY_INVALID_KEY

-

About

Gravitee Policy - Api Key

Topics

security-scan product-apim

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

29 watching

Forks

8 forks
Report repository

Releases 15

4.0.1 Latest
Jul 20, 2023
+ 14 releases

Packages

No packages published

Contributors 16
+ 2 contributors

Languages