Auth policies

By default, anyone can send requests to HTTP Request flows. Sometimes, this is what you want, but it typically makes more sense to only accept requests from authenticated clients, such as requests that include an API key or a JSON Web Token (JWT).

To support this, FL0 offers auth policies.

An auth policy defines who can send requests to an HTTP Request flow and how they must authenticate. If someone tries to send a request to a flow without authenticating, the request is rejected.

You can create auth policies via FL0's UI. The policies exist at a project-level and can be reused for any number of flows. The exact steps for creating and using auth policies depends on the type of policy.

Types of auth policies

FL0 supports the following types of auth policies:

Each type of auth policy uses a different method to authenticate the client. To learn more about each type, see the linked documentation.