Skip to content

Upstream Authentication

Inject Upstream Header

Inject Upstream Header. This is useful if e.g. a static api key must provided that is not available by the client. Upstream Authentication can be easily configured using the Upstream Authentication configuration.

OpenAPI Specification
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
info:
  title: Inject Upstream Header
openapi: 3.0.3
paths:
  /test:
    get:
      responses:
        '200':
          description: OK
servers:
  - url: https://127.0.0.1:/api/echo
x-proxyconf:
  cluster: demo
  security:
    auth:
      downstream: disabled
      upstream:
        name: upstream-api-key
        overwrite: false
        type: header
        value: '%SECRET:upstream-api-key%'
  url: http://localhost:8080/inject-upstream-header

HURL Examples

# Set secret 'upstream-api-key' used to inject in the header
POST https://localhost:{{port}}/api/secret/upstream-api-key
Authorization: Bearer {{admin-access-token}}
```
MY-UPSTREAM-SECRET
```
HTTP 200


POST https://localhost:{{port}}/api/spec/inject-upstream-header?api-port={{port}}&envoy-cluster={{envoy-cluster}}
Content-Type: application/yaml
Authorization: Bearer {{admin-access-token}}
file,inject-upstream-header.yaml;
HTTP 200


# If the client does not provides the header, it is set
GET http://localhost:8080/inject-upstream-header/test
HTTP 200
Content-Type: application/json
[Asserts]
jsonpath "$.headers.upstream-api-key" == "MY-UPSTREAM-SECRET"


# If the client provides the header, it is passed through
GET http://localhost:8080/inject-upstream-header/test
upstream-api-key: override-upstream-secret
HTTP 200
Content-Type: application/json
[Asserts]
jsonpath "$.headers.upstream-api-key" == "override-upstream-secret"