{"id":37091552,"url":"https://github.com/septima/traefik-api-key-auth","last_synced_at":"2026-01-14T11:08:22.675Z","repository":{"id":196217243,"uuid":"695125573","full_name":"Septima/traefik-api-key-auth","owner":"Septima","description":"Traefik Middleware for authenticating request using either a header, a query string or a prefix of the url path.","archived":false,"fork":false,"pushed_at":"2024-06-24T06:00:26.000Z","size":14,"stargazers_count":21,"open_issues_count":6,"forks_count":5,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-22T22:58:03.657Z","etag":null,"topics":["traefik-plugin"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Septima.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-22T12:11:24.000Z","updated_at":"2025-09-25T11:39:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"93373fe2-0b9b-469b-aa10-a35a1b500440","html_url":"https://github.com/Septima/traefik-api-key-auth","commit_stats":null,"previous_names":["septima/traefik-api-key-auth"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/Septima/traefik-api-key-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Septima%2Ftraefik-api-key-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Septima%2Ftraefik-api-key-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Septima%2Ftraefik-api-key-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Septima%2Ftraefik-api-key-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Septima","download_url":"https://codeload.github.com/Septima/traefik-api-key-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Septima%2Ftraefik-api-key-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417917,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["traefik-plugin"],"created_at":"2026-01-14T11:08:22.189Z","updated_at":"2026-01-14T11:08:22.667Z","avatar_url":"https://github.com/Septima.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# api-key-auth\n\nThis plugin allows you to protect routes with an API key specified in a header, query string param or path segment. If the user does not provide a valid key the middleware will return a 403.\n\n## Config\n\n### Static file\n\nAdd to your Traefik static configuration\n\n#### yaml\n\n```yaml\nexperimental:\n  plugins:\n    traefik-api-key-auth:\n      moduleName: \"github.com/Septima/traefik-api-key-auth\"\n      version: \"v0.2.3\"\n```\n\n#### toml\n\n```toml\n[experimental.plugins.traefik-api-key-auth]\n  moduleName = \"github.com/Septima/traefik-api-key-auth\"\n  version = \"v0.2.3\"\n```\n\n### CLI\n\nAdd to your startup args:\n\n```sh\n--experimental.plugins.traefik-api-key-auth.modulename=github.com/Septima/traefik-api-key-auth\n--experimental.plugins.traefik-api-key-auth.version=v0.2.3\n```\n\n### K8s CRD\n\n```yaml\napiVersion: traefik.io/v1alpha1\nkind: Middleware\nmetadata:\n  name: verify-api-key\nspec:\n  plugin:\n    traefik-api-key-auth:\n      authenticationHeader: true\n      authenticationHeaderName: X-API-KEY\n      bearerHeader: true\n      bearerHeaderName: Authorization\n      queryParam: true\n      queryParamName: token\n      pathSegment: true\n      permissiveMode: false\n      removeHeadersOnSuccess: true\n      internalForwardHeaderName: ''\n      internalErrorRoute: ''\n      keys:\n        - some-api-key\n```\n\n## Plugin options\n\n| option                      | default           | type     | description                                                       | optional |\n|:----------------------------|:------------------|:---------|:------------------------------------------------------------------|:---------|\n| `authenticationHeader`      | `true`            | bool     | Use an authentication header to pass a valid key.                 | ⚠️        |\n| `authenticationHeaderName`  | `\"X-API-KEY\"`     | string   | The name of the authentication header.                            | ✅       |\n| `bearerHeader`              | `true`            | bool     | Use an authorization header to pass a bearer token (key).         | ⚠️        |\n| `bearerHeaderName`          | `\"Authorization\"` | string   | The name of the authorization bearer header.                      | ✅       |\n| `queryParam`                | `true`            | bool     | Use a query string param to pass a valid key.                     | ⚠️        |\n| `queryParamName`            | `\"token\"`         | string   | The name of the query string param.                               | ✅       |\n| `pathSegment`               | `true`            | bool     | Use match on path segment to pass a valid key.                    | ⚠️        |\n| `permissiveMode`            | `false`           | bool     | Dry-run option to allow the request even if no valid was provided | ✅       |\n| `removeHeadersOnSuccess`    | `true`            | bool     | If true will remove the header on success.                        | ✅       |\n| `internalForwardHeaderName` | `\"\"`              | string   | Optionally forward validated key as header to next middleware.    | ✅       |\n| `internalErrorRoute`        | `\"\"`              | string   | Optionally route to backend at specified path on invalid key      | ✅       |\n| `keys`                      | `[]`              | []string | A list of valid keys that can be passed using the headers.        | ❌       |\n\n⚠️ - Is optional but at least one of `authenticationHeader`, `bearerHeader`, `queryparam` or `pathSegment` must be set to `true`.\n\n❌ - Required.\n\n✅ - Is optional and will use the default values if not set.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseptima%2Ftraefik-api-key-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fseptima%2Ftraefik-api-key-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseptima%2Ftraefik-api-key-auth/lists"}