Security
Secure your gateway to prevent unauthenticated and unauthorized access to your apps.
Securing your API gateway involves multiple layers of protection to safeguard traffic, enforce encryption, and maintain observability. These security features work best in combination.
For example, you might use HTTPS listeners for external client connections, enforce backend TLS for internal workload security, use Istio for mutual TLS across workloads within your cluster environment, and automate DNS and certificate management for your gateway’s hostname with ExternalDNS and Cert-Manager. Access logging provides visibility into all these layers, ensuring a comprehensive security posture for your API gateway deployment.
Access logging
Capture an access log for all the requests that enter the gateway.
Backend TLS
Originate a one-way TLS connection from the Gateway to a backend.
CORS
Enforce client-side access controls with cross-origin resource sharing (CORS).
CSRF
Apply a CSRF filter to the gateway to help prevent cross-site request forgery attacks.
External auth
Bring your own external authorization service to protect requests that go through your Gateway.
JWT
Control access or route traffic based on verified claims in a JSON web token (JWT).
Rate limit
HTTPS listener
SNI listener
TLS passthrough
Set up a TLS listener on the Gateway that serves one or more hosts and passes TLS traffic through to …
ExternalDNS and Cert-Manager
Istio ambient mesh for mTLS