API Key Authentication Policy
This policy uses the managed API key storage provided by Zuplo. allowUnauthenticatedRequests
defaults to false and rejects any request without a valid API key (returning a 401 - Unauthorized
response). You can override (set "allowUnauthenticatedRequests" : true
) this to support multiple authentication methods or support both authenticated and anonymous requests.
Configuration
{
"name": "my-api-key-inbound-policy",
"policyType": "api-key-inbound",
"handler": {
"export": "ApiKeyInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"allowUnauthenticatedRequests": false
}
}
}
Read more about how policies work