API Key Auth Plugin
The API Key Auth plugin provides a simple and effective way to secure your endpoints. It intercepts incoming requests and verifies that a valid API Key is present in the X-API-Key header.
⚙️ Configuration
The plugin is typically enabled for specific domains or routes.
- urn: "urn:crate:plugin:api-key"
name: "endpoint-auth"
type: "request_filter"
active: true
config:
header: "X-API-Key"
keys:
- "cr_1234567890abcdef"
- "cr_9876543210fedcba"
Field Definitions
| Field | Type | Description |
|---|---|---|
header |
string | The name of the header that should contain the API key. |
keys |
[]string | A list of valid API keys for this organization. |
🚀 Examples
1. Require Multi-Header Auth
config:
header: "Authorization" # Can be any header name
keys: ["Bearer token-xyz"]
2. Secure a Specific Route
When applied to a route, this plugin overrides the domain-level settings.
routes:
- path: "/v1/admin/*"
plugins:
- plugin_urn: "urn:crate:plugin:api-key"
config:
keys: ["cr_admin_only_key"]