For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.

Backend authentication

Attaches to:

When connecting to a backend, an authentication token can be attached to each request using the backend authentication policy.

To attach a static key as an Authorization value, use key:

backendAuth:
  key: $MY_API_KEY

A file path can also be used:

backendAuth:
  key:
    file: /path/to/my/key

When using any form of incoming authentication, such as JWT, API key, or basic auth, the original credential is removed from the request by default before forwarding to the backend. To pass the original credential through to the backend, use the passthrough method:

backendAuth:
  passthrough: {}

Google Application Default Credentials can also be used, which can be useful when connecting to GCP services:

backendAuth:
  gcp: {}

AWS authentication can be used to sign requests to AWS services:

backendAuth:
  aws:
    # Specify access key and session token
    # Alternatively, leaving this empty will use the standard AWS credential lookup (https://docs.aws.amazon.com/sdkref/latest/guide/access.html) based on the environment
    accessKeyId: "$AWS_ACCESS_KEY_ID"
    secretAccessKey: "$AWS_SECRET_ACCESS_KEY"
    sessionToken: "$AWS_SESSION_TOKEN"
    region: us-west-2