API Key Authenticator rule

Rule to authenticate a client using API keys in a header or query parameter

Authenticates a client with API keys passed in the header or as a query parameter.

All Authentication rules require the Authorize By Role rule to authorize the API caller correctly. For example, you can configure the API Key Authenticator rule to add the role admin to the client and then configure the Authorize By Role rule to authorize users with that role.

Rule execution order

The API Key Authenticator rule executes after validation policies, such as IP Restriction.

Note: All expression-enabled fields in API Policies take expressions from the SnapLogic Expression Language and the API Policy Manager Functions.

When this rule should be applied

An expression that defines one or more conditions that must be true for the rule to execute.

Default value: True

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

API Keys

Required. The API keys that a client passes in for authentication. You can also reference a secret from a third-party secrets manager by entering an expression. Click the plus icon to add multiple API keys.

Note: Description, API key, and role must be unique.
Description

Required. A description of the key owner.

Default value: N/A

Example: [email protected]

API Key

Required. The API key, which is a long, randomly-generated string.

Default value: N/A

Example: 72D11F27-5719-4BE7-95BA-AF20DEBAF42D

Roles

Required. The list of roles to assign clients that use this key.

Default value: N/A

Example: admin

Expiration MM-dd-yyyy

Required. The API key expiration date in the format: MM-dd-yyyy.

Default value: N/A

Example: 02-28-2025

Key Location

Required. The location to find the key. If none of the locations are found, this API rule passes the request through to the next API rule.

Custom Header Keys

The names of the headers that can contain the key. If more than one header is given, they are all checked. Click the plus icon to add header keys.

Key

The name of the header containing the key.

Default value: N/A

Example: X-API-Key

Custom Query String Parameter Keys

Required. The names of the query parameters that can contain the key. If more than one name is given, then all names are checked. Click the plus icon to add more keys.

Key

Required. The name of the query string parameter key.

Default value: N/A

Example: admin

Authorization Header Type

If the key is in the authorization header, this value is used as the “type” to check.

Default value: token

Example: bearer

Description

Required.

Default value: Authenticating requests only for specified API keys

Example: API key based authentication

CAUTION: Because query parameters appear in logs and other locations, avoid using them to pass sensitive information, such as keys and tokens.