Secures APIs by validating keys stored in either files or proxies.xml. Keys can be received from clients via HTTP headers or URL query parameters. Additional permission checks are possible through scope validation - scopes are loaded into an Exchange property and can be checked using the "hasScope()" SpEL function.
Attributes
| Name | Required | Default | Description | Examples |
|---|
| required | false | true | Controls whether API key validation is enforced or optional. Optional will still load scopes and make them available for checking through SpEL function "hasScope()". | false |
Child Elements
| Element | Description | Cardinality |
|---|
| headerExtractor | | 0..* |
| keyFileStore | Loads api keys from a file. File has to be one key per line, blank lines for formatting are allowed. Optionally, a comma separated list of scopes after the key and a colon in between the two. Hash symbol can be used for comments at the end of each line, including empty lines. | 0..* |
| keys | Stores api keys inline as XML. | 0..* |
| queryParamExtractor | | 0..* |
Can be used in