Docsright arrowEdge Stackright arrowThe APIKey Filter Type (v1alpha1)

3 min • read

The APIKey Filter Type (v1alpha1)

The APIKey Filter validates API Keys present in HTTP headers. The list of authorized API Keys is defined directly in a Secret. If an incoming request does not have the header specified by the APIKey Filter or it does not contain one of the key values configured by the Filter then the request is denied. For more information about how requests are matched to Filter resources and the order in which Filters are executed, please refer to the FilterPolicy Resource documentation.


This page is specific to the gateway.getambassador.io/v1alpha1 version of the APIKey Filter resource. For the older getambassador.io/v3alpha1 resource, please see the v3alpha1 APIKey Filter api reference.

APIKey Filter API Reference

To create an APIKey Filter, the spec.type must be set to apikey, and the apikey field must contain the configuration for your APIKey Filter.

APIKeyFilter

FieldTypeDescription
httpHeaderstringThe name of the http header where the api-key will be found (always case-insensitive). By default it will use the x-api-key header.
keys[]APIKeyItemThe set of APIKeys that are used to check the whether the incoming request is valid.

APIKeyItem

FieldTypeDescription
secretNamestringDefines how to resolve the values of the keys. Currently the only supported way to resolve a key is via a local secret. APIKeys cannot use shared secrets in a different namespace than the APIKey Filter resource.

Note about Secret formatting: When supplying secrets to an API Key filter, the keys of the Secret do not matter, but the value of your API Key must be base64 encoded.

For example, if you want to create a secret for the API Key value example-api-key-value, the secret should look like:

You can specify as many API Keys in the Secret as you like.