Docsright arrowEdge Stackright arrowThe APIKey Filter Type (v3alpha1)

3 min • read

The APIKey Filter Type (v3alpha1)

The APIKey Filter validates API Keys present in HTTP headers. The list of authorized API Keys is defined directly in a Secret. If an incoming request does not have the header specified by the APIKey Filter or it does not contain one of the key values configured by the Filter then the request is denied. For more information about how requests are matched to Filter resources and the order in which Filters are executed, please refer to the FilterPolicy Resource documentation.

This doc is an overview of all the fields on the APIKey Filter Custom Resource with descriptions of the purpose, type, and default values of those fields. This page is specific to the version of the APIKey Filter resource. For the newer resource, please see the v1alpha1 APIKey Filter api reference.

APIKey Filter API Reference

To create an APIKey Filter, the spec.type must be set to apikey, and the apikey field must contain the configuration for your APIKey Filter.


httpHeaderstringThe name of the http header where the api-key will be found (always case-insensitive). By default it will use the x-api-key header.
keys[]APIKeyItemThe set of APIKeys that are used to check the whether the incoming request is valid.


secretNamestringDefines how to resolve the values of the keys. Currently the only supported way to resolve a key is via a local secret. APIKeys cannot use shared secrets in a different namespace than the APIKey Filter resource.

Note about Secret formatting: When supplying secrets to an API Key filter, the keys of the Secret do not matter, but the value of your API Key must be base64 encoded.

For example, if you want to create a secret for the API Key value example-api-key-value, the secret should look like:

You can specify as many API Keys in the Secret as you like.