APIKey Filter validates API Keys present in HTTP headers. The list of authorized API Keys is defined directly in a Secret.
If an incoming request does not have the header specified by the
APIKey Filter or it does not contain one of the key values
configured by the
Filter then the request is denied.
For more information about how requests are matched to
Filter resources and the order in which
Filters are executed, please
refer to the FilterPolicy Resource documentation.
This doc is an overview of all the fields on the
APIKey Filter Custom Resource with descriptions of the purpose, type, and default values of those fields.
This page is specific to the
getambassador.io/v3alpha1 version of the
APIKey Filter resource. For the newer
please see the v1alpha1 APIKey Filter api reference.
To create an APIKey Filter, the
spec.type must be set to
apikey, and the
apikey field must contain the configuration for your
|The name of the http header where the api-key will be found (always case-insensitive). By default it will use the |
|APIKeyItem||The set of APIKeys that are used to check the whether the incoming request is valid.|
|Defines how to resolve the values of the keys. Currently the only supported way to resolve a key is via a local secret. APIKeys cannot use shared secrets in a different namespace than the |
Note about Secret formatting: When supplying secrets to an API Key filter, the keys of the Secret do not matter, but the value of your API Key must be base64 encoded.
For example, if you want to create a secret for the API Key value
example-api-key-value, the secret should look like:
You can specify as many API Keys in the Secret as you like.