The API key authentication component authenticates and authorizes requests based on API keys. It extracts API keys from HTTP request URL parameters, headers, or cookies, and verifies them against a preconfigured list of trusted credentials.
Feature category
Authentication and authorization
Field descriptions
ComponentConfig
Parameter | Type | Required | Default | Description |
Config | Yes | - | API key authentication configuration. |
ApiKeyConfig
Parameter | Type | Required | Default | Description |
ApiKeySources | Yes | - | How to extract the API key from the request. Only a single extraction source is supported. | |
ApiKeyCredentials | Yes | - | List of trusted API key credentials. |
ApiKeySourcesConfig
Parameter | Type | Required | Default | Description |
Headers | String[] | No | - | Extract the API key from HTTP request headers. |
Params | String[] | No | - | Extract the API key from URL parameters. |
Cookies | String[] | No | - | Extract the API key from cookies. |
ApiKeyCredential
Parameter | Type | Required | Default | Description |
Provider | Yes | System | Credential type. | |
Credential | String | Conditional | - | The API key string. Required when |
ApiKeyCredentialProvider
Value | Description |
System | System-generated credential. |
Custom | User-uploaded credential. |
Error codes
HTTP status code | Error message | Cause |
401 | Client authentication failed. | API key verification failed. The API key is invalid or missing. |