API Key Authenticator rule

Rule to authenticate a client using API keys in a header or query parameter

Authenticates a client with API keys passed in the header or query parameters. You can use a policy with an API Key Authenticator rule for authentication with the Try it out feature in the APIM 3.0 Developer Portal.

All Authentication rules require the Authorize By Role rule to authorize the API caller correctly. For example, you can configure the API Key Authenticator rule to add the role admin to the client and then configure the Authorize By Role rule to authorize users with that role.

Rule execution order

The API Key Authenticator rule executes after validation policies, such as IP Restriction.

Note: All expression-enabled fields in API Policies take expressions from the SnapLogic Expression Language and the API Policy Manager Functions.

Field Description

When this rule should be applied

An expression that defines one or more conditions that must be true for the rule to execute.

Default value: True

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

API Keys

Required. The API keys that a client passes in for authentication. You can also reference a secret from a third-party secrets manager by entering an expression. Click the plus icon to add multiple API keys.

Note: Description, API key, and role must be unique.

Description

Required. The email of the key owner.

Example: [email protected]

API Key

Required. The API key, which is a long, randomly-generated string.

Default value: N/A

Example: 72D11F27-5719-4BE7-95BA-AF20DEBAF42D

Roles

Required. The list of roles to assign clients that use this key.

Default value: N/A

Example: admin

Expiration MM-dd-yyyy

Required. The API key expiration date in the format: MM-dd-yyyy.

Default value: N/A

Example: 12-31-2028

Key Location

The location to find the key. At least one header or parameter key location is required. If none of the specified locations are found, this rule passes the request through to the next rule.

Custom Header Keys

The names of the headers that can contain the key. At runtime, the Snaplex checks all of these locations. Click the plus icon to add header keys.

Key

The name of a header that can contain keys.

Default value: N/A

Example: X-API-Key

Custom Query String Parameter Keys

CAUTION: Because query parameters appear in logs and other locations, avoid using them to pass sensitive information, such as keys and tokens.

The names of the query parameters that can contain keys. At runtime, the Snaplex checks all of these locations. Click the plus icon to add more keys.

Key

Required. The name of a query parameter that contains a key.

Default value: N/A

Example: api-key

Authorization Header Type

The authorization schema for the key passed in the header. Common authorization schemas include:

  • Basic: Username and password
  • Bearer: Token
  • Digest: Hash of username and password
  • JWT: JSON Web Token

Default value: bearer

Description

Required.

Default value: Authenticating requests only for specified API keys

Example: API key based authentication
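
The evaluation flow described on this page, as an added Python model (not SnapLogic code and not part of the original documentation): it looks for a key in the configured header and query parameter locations, passes the request through when none of those locations is present, and otherwise assigns the roles of the matching key. Checking headers before query parameters, rejecting unknown or expired keys, treating a key as valid through its expiration date, and the owner address are assumptions made for the example.

```python
import hmac
from datetime import date, datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample configuration mirroring the fields documented on this page.
API_KEYS = [
    {"description": "owner@example.com",  # constructed owner address
     "api_key": "72D11F27-5719-4BE7-95BA-AF20DEBAF42D",
     "roles": ["admin"], "expiration": "12-31-2028"},
]
HEADER_KEYS = ["X-API-Key"]
QUERY_KEYS = ["api-key"]


def find_presented_key(url, headers):
    """Return (location, value) for the first configured location present, else None."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for name in HEADER_KEYS:
        if name.lower() in lowered:
            return ("header:" + name, lowered[name.lower()])
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in QUERY_KEYS:
        if name in query:
            return ("query:" + name, query[name][0])
    return None


def evaluate(url, headers, today):
    """Model the rule outcome: pass_through, rejected, or authenticated with roles."""
    presented = find_presented_key(url, headers)
    if presented is None:
        # Documented behaviour: no configured location found, so the next rule runs.
        return {"result": "pass_through", "roles": []}
    location, value = presented
    for entry in API_KEYS:
        # Constant-time comparison avoids leaking key prefixes through timing.
        if hmac.compare_digest(value.encode(), entry["api_key"].encode()):
            expires = datetime.strptime(entry["expiration"], "%m-%d-%Y").date()
            if today > expires:  # assumption: valid through the expiration date
                return {"result": "rejected", "roles": [], "reason": "expired"}
            return {"result": "authenticated", "roles": entry["roles"],
                    "via": location}
    # Assumption: a key that is present but matches no entry is rejected.
    return {"result": "rejected", "roles": [], "reason": "unknown key"}
```

The `pass_through` result carries no roles, which is why the page pairs this rule with Authorize By Role: a request that presents no key at all is only stopped by the later authorization rule.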