API Key Authenticator
Overview
Use the API Key Authenticator policy to authenticate a client by using API keys passed as a header or query parameter.
Authentication Policy Requirement
All Authentication policies require the Authorize By Role policy to authenticate the API caller correctly. For example, you can configure this policy to add the role “admin” to the client and then configure the Authorize By Role policy to authorize users with that role.
Policy Execution Order
The API Key Authenticator Policy executes after early-stage request validation policies, such as IP Restriction.
Expression Enabled Fields in API Policies
All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.
Settings
Parameter Name | Description | Default Value | Example |
---|---|---|---|
Label | Required. The name for the API policy. | API Key Authenticator | Project API Key |
When this policy should be applied | An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST. | N/A | request.method == "POST" |
API Keys | Required. The API keys that a user can use for authenticating a client. Click + to add multiple API keys. Description, API key, and role must be unique. You can also reference a secret from a 3rd-party Secrets Manager vendor by entering an expression. | N/A | N/A |
Description | Required. A description of the owner of the key. | N/A | bob@example.com |
API Key | Required. The API key itself. This should be a long, randomly generated string. | N/A | 72D11F27-5719-4BE7-95BA-AF20DEBAF42D |
Roles | Required. The list of roles to assign clients that use this key. | N/A | admin |
Expiration MM-dd-yyyy | The API key's expiration date. Format: MM-dd-yyyy | N/A | 02-28-2022 |
Key Location | Required. Specifies the location to find the key. If one of the given locations is not found, this API policy passes the request through to the next API policy. | N/A | N/A |
Custom Header Keys | The names of the headers that can contain the key. If more than one header is given, they are all checked. Click + to add header keys. | N/A | N/A |
Key | The name of the header containing the key. | N/A | X-API-Key |
Custom Query String Parameter Keys | The names of the query parameters that can contain the key. If more than one name is given, then all names are checked. Click + to add header keys. | N/A | N/A |
Key | The name of the query string parameter key. | N/A | token |
Authorization Header Type | If the key is in the Authorization header, this value is used as the “type” to check. | token | token |
Status | Specifies whether the API policy is enabled or disabled. | Enabled | Disabled |
Best Practices
Avoid passing sensitive information in query parameters since query parameters appear in logs and other locations.
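The key lookup and checks described in the Settings table, sketched as an added Python example. This is an illustrative model, not SnapLogic's implementation. The lookup order, the rejection of unknown or expired keys, the case-insensitive match on the Authorization type, and treating the expiration date as the last valid day are assumptions; the sample values are the ones from the Example column.

```python
import hmac
from datetime import date, datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample configuration mirroring the Settings table.
API_KEYS = [
    {"description": "bob@example.com", "key": "72D11F27-5719-4BE7-95BA-AF20DEBAF42D",
     "roles": ["admin"], "expiration": "02-28-2022"},
]
HEADER_KEYS = ["X-API-Key"]   # Custom Header Keys
QUERY_KEYS = ["token"]        # Custom Query String Parameter Keys
AUTH_TYPE = "token"           # Authorization Header Type


def find_key(url, headers):
    """Return the presented key, or None if no configured location holds one."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for name in HEADER_KEYS:
        if name.lower() in hdrs:
            return hdrs[name.lower()]
    query = parse_qs(urlsplit(url).query)
    for name in QUERY_KEYS:
        if name in query:
            return query[name][0]
    scheme, _, value = hdrs.get("authorization", "").partition(" ")
    if scheme.lower() == AUTH_TYPE.lower() and value:
        return value.strip()
    return None


def authenticate(url, headers, today):
    """Return ('pass', None), ('deny', None) or ('ok', roles)."""
    presented = find_key(url, headers)
    if presented is None:
        return ("pass", None)  # no key found: hand off to the next policy
    for entry in API_KEYS:
        # Constant-time comparison avoids leaking key prefixes through timing.
        if hmac.compare_digest(presented.encode(), entry["key"].encode()):
            expires = datetime.strptime(entry["expiration"], "%m-%d-%Y").date()
            # Assumption: the key is valid through its expiration date.
            if today > expires:
                return ("deny", None)
            return ("ok", entry["roles"])
    return ("deny", None)  # assumption: a key that matches no entry is rejected
```

The roles returned on success are what a later Authorize By Role step would evaluate.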
© 2017-2024 SnapLogic, Inc.