Configuration

Configuration reference for ProxyConf

ProxyConf is configured through two mechanisms:

Environment Variables - Configure the ProxyConf server itself (ports, database, TLS, etc.)
OpenAPI Extensions - Configure how each API is exposed through Envoy using x-proxyconf

Configuration Overview

┌─────────────────────────────────────────────────────────────────┐
│                    ProxyConf Configuration                      │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  Environment Variables          OpenAPI x-proxyconf Extension   │
│  ─────────────────────          ───────────────────────────────│
│  • Server ports                 • API routing (url, listener)   │
│  • Database connection          • Authentication (downstream)   │
│  • TLS certificates             • Credential injection (up.)    │
│  • Cluster defaults             • CORS policies                 │
│  • Logging                      • Request validation            │
│                                 • HTTP connection settings      │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

In This Section

Page	Description
Environment Variables	Configure ProxyConf server settings via environment variables
OpenAPI Extension	Reference for the `x-proxyconf` OpenAPI extension
Downstream Authentication	Configure client authentication (API keys, JWT, mTLS, Basic)
Upstream Authentication	Inject credentials when calling upstream services
CORS	Configure Cross-Origin Resource Sharing policies
HTTP Connection Manager	Fine-tune Envoy’s HTTP connection handling

Quick Reference

Minimal OpenAPI Configuration

openapi: 3.0.3
info:
  title: My API
  version: 1.0.0
x-proxyconf:
  cluster: my-cluster
  url: https://api.example.com/my-api
  security:
    auth:
      downstream:
        disabled: {}
paths:
  /health:
    get:
      summary: Health check
      responses:
        '200':
          description: OK

Common Configuration Patterns

Use Case	Key Configuration
Public API (no auth)	`security.auth.downstream.disabled: {}`
API Key authentication	`security.auth.downstream.type: header`
JWT authentication	`security.auth.downstream.jwt: {...}`
mTLS authentication	`security.auth.downstream.mtls: {...}`
IP allowlisting	`security.allowed-source-ips: [...]`
Custom upstream auth	`security.auth.upstream: {...}`

Documentation

Environment Variables

Environment variables for configuring ProxyConf

OpenAPI Extension

The x-proxyconf OpenAPI extension reference

Downstream Authentication

Configure authentication for incoming API requests

Upstream Authentication

Configure credential injection for upstream API requests

CORS Configuration

Configure Cross-Origin Resource Sharing for your APIs

HTTP Connection Manager

Configure Envoy's HTTP Connection Manager settings