API Key Authenticator Policy

Policy to authenticate a client using API keys in a header or query parameter

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.

Authenticates a client using API keys passed in a header or query parameter. You can use the API Key Authenticator policy for authentication with the Try it out feature in the Developer Portal.

All Authentication policies require the Authorize By Role policy to authorize the API caller correctly. For example, you can configure the API Key Authenticator policy to add the role admin to the client and then configure the Authorize By Role policy to authorize users with that role.

Policy execution order

The API Key Authenticator policy executes after validation policies, such as IP Restriction.

Note: All expression-enabled fields in API Policies take expressions from the SnapLogic Expression Language and the API Policy Manager Functions.

Field/Field set Description

When this policy should be applied

An expression that defines one or more conditions that must be true for the policy to execute.

Default value: True

Example: The expression request.method == "POST" causes the policy to execute only on POST requests.

API Keys

Required. The API keys that a client passes in for authentication. You can also reference a secret from a third-party secrets manager by entering an expression. Click the plus icon to add multiple API keys.

Note: Description, API key, and role must be unique.

Description

Required. The email of the key owner.

Example: [email protected]

API Key

Required. The API key, which is a long, randomly-generated string.

Default value: N/A

Example: 72D11F27-5719-4BE7-95BA-AF20DEBAF42D

Roles

Required. The list of roles to assign clients that use this key.

Default value: N/A

Example: admin

Expiration MM-dd-yyyy

Required. The API key expiration date in the format: MM-dd-yyyy.

Default value: N/A

Example: 12-31-2028

Key Location

The location to find the key. At least one header or parameter key location is required. If none of the specified locations are found, this policy passes the request through to the next policy.

Custom Header Keys

The names of the headers that can contain the key. At runtime, the Snaplex checks all of these locations. Click the plus icon to add header keys.

Key

The name of a header that can contain keys.

Default value: N/A

Example: X-API-Key

Custom Query String Parameter Keys

CAUTION: Because query parameters appear in logs and other locations, avoid using them to pass sensitive information, such as keys and tokens.

The names of the query parameters that can contain keys. At runtime, the Snaplex checks all of these locations. Click the plus icon to add more keys.

Key

Required. The name of a query parameter that contains a key.

Default value: N/A

Example: api-key

Authorization Header Type

The authorization schema for the key passed in the header. Common authorization schemas include:

  • Basic: Username and password
  • Bearer: Token
  • Digest: Hash of username and password
  • JWT: JSON Web Token

Default value: bearer

Description

Required.

Default value: Authenticating requests only for specified API keys

Example: API key based authentication
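
The pass-through behaviour described under Key Location is the reason the Authorize By Role policy is required: a request that carries no key in any configured location is not rejected by this policy. The following Python model is an added illustration, not SnapLogic code. The function names, the refusal of unknown or expired keys, the inclusive expiration date, and the sample owners and second key are assumptions constructed for the example.

```python
import hmac
from datetime import date, datetime

# Constructed sample configuration mirroring the policy fields (not real keys).
API_KEYS = [
    {"description": "owner@example.com", "key": "72D11F27-5719-4BE7-95BA-AF20DEBAF42D",
     "roles": ["admin"], "expiration": "12-31-2028"},
    {"description": "old@example.com", "key": "constructed-expired-key",
     "roles": ["reader"], "expiration": "01-31-2020"},
]
HEADER_KEYS = ["X-API-Key"]   # Custom Header Keys
QUERY_KEYS = ["api-key"]      # Custom Query String Parameter Keys


def find_presented_key(headers: dict, query: dict):
    """Return the key from the first configured location present, else None."""
    lowered = {name.lower(): value for name, value in headers.items()}
    for name in HEADER_KEYS:  # HTTP header names are case-insensitive
        if name.lower() in lowered:
            return lowered[name.lower()]
    for name in QUERY_KEYS:
        if name in query:
            return query[name]
    return None


def authenticate(headers: dict, query: dict, today: date):
    """Return ("pass", []), ("ok", roles) or ("reject", [])."""
    presented = find_presented_key(headers, query)
    if presented is None:
        # Documented behaviour: no key location found, so pass through.
        return "pass", []
    for entry in API_KEYS:
        # Constant-time comparison avoids leaking key contents through timing.
        if hmac.compare_digest(presented.encode(), entry["key"].encode()):
            expires = datetime.strptime(entry["expiration"], "%m-%d-%Y").date()
            # Assumption: the key stays valid through its expiration date.
            if today > expires:
                return "reject", []
            return "ok", list(entry["roles"])
    return "reject", []  # assumption: a presented but unknown key is refused


def handle(headers: dict, query: dict, today: date, required_role: str = "admin"):
    """Chain authentication with a role check; True means the API is reached."""
    status, roles = authenticate(headers, query, today)
    # A passed-through request has no roles, so only the role check stops it.
    return status != "reject" and required_role in roles
```

Without the role check in `handle`, the `"pass"` outcome would let a request with no key reach the API.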