Getting started
Gate is our identity-aware Edge Authorizer for APIs and workloads. Gate runs either as a proxy, as a sidecar or an Envoy-compatible ExtAuth authentication service. Gate works with existing API Gateway and reverse proxies (for example: Kong, Nginx, Envoy, AWS API Gateway) and performs identity-related operations on incoming traffic.
Gate is the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads. Gate can also be used to enforce fine-grained authorization policies and modern authentication with passkeys for internal applications.
Handbook
Here we have a list of common tasks that developers working with Gate are interested in, and indications of where to start with our documentation or blog posts.
| I want to ... | So I should read ... |
|---|---|
| Add fine-grained authorization to my APIs | OAuth 2.0 scopes with Gate + OpenAPI |
| Use Gate to authenticate requests | Edge Authentication |
| Implement distributed rate limiting | Rate Limiting Using GCRA |
| Tokenize credentials | Credential Tokenization |
| Implement M2M authentication and authorization | OAuth 2.0 M2M Authentication |
| Detect PII in transit | Protecting Exposed APIs: Avoid Data Leaks with SlashID Gate and OPA |
| Add custom claims to JWT tokens | Token enrichment: Add custom claims |
| Controlling access to LLMs and other APIs | Firewalling OpenAI APIs |
| Implement authorization policies with OPA | Authorization with Gate |
| Add Passkeys or MFA to internal applications | No-code anti-phishing protection of internal apps with Passkeys |
| Deploy Gate as a Lambda on AWS | Gate on AWS as Lambda Authorizer |
| Deploy Gate as an external authorizer for Envoy | Gate as ExtAuth service |
| Deploy Gate as a Cloud Run service | Gate on GCP as Cloud Run Service |
| Deploy Gate as K8s Ingress | Deploying Gate Kubernetes with Ingress |
What you can use Gate for
This is a non-exhaustive list of use cases you can use Gate for:
- Add authentication, authorization, rate limiting and caching to your APIs
- Add phishing-resistant authentication and fine-grained authorization to internal applications without code changes
- Augment tokens with either some (based on context) or all /id attributes
- Augment tokens with custom claims from external sources
- Allow/Deny requests based on either /id groups or external IdP groups (RBAC)
- Allow/Deny requests based on the attributes. (ABAC)
- Authorization (OPA or custom rules). Both route-based and within the application logic
- Migrating tokens from some legacy system (eg: Laravel, Devise, Ping, and so on) to a new IdP
- Progressive migrations/interoperability of old systems with new ones
- Migration without invalidating sessions
- Centralizing AuthN and AuthZ audit-logs
- Monitor service accounts/identity requests for security hygiene
- Logging capabilities to improve product analytics and attribution
- Traffic inspection for data governance/DLP/PII detection
- Token/credentials blacklisting
- Session management
Next steps
You can find a list of example use-cases of Gate on the Use cases page.
To check available installation options, please check the Installation page.
Check out the FAQ for more information.