Getting started

Gate is our identity-aware Edge Authorizer for APIs and workloads. Gate runs either as a proxy, as a sidecar or an Envoy-compatible ExtAuth authentication service. Gate works with existing API Gateway and reverse proxies (for example: Kong, Nginx, Envoy, AWS API Gateway) and performs identity-related operations on incoming traffic.

Gate is the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads. Gate can also be used to enforce fine-grained authorization policies and modern authentication with passkeys for internal applications.

What you can use Gate for

This is a non-exhaustive list of use cases you can use Gate for:

• Add authentication, authorization, rate limiting and caching to your APIs
• Add phishing-resistant authentication and fine-grained authorization to internal applications without code changes
• Augment tokens with either some (based on context) or all /id attributes
• Augment tokens with custom claims from external sources
• Allow/Deny requests based on either /id groups or external IdP groups (RBAC)
• Allow/Deny requests based on the attributes. (ABAC)
• Authorization (OPA or custom rules). Both route-based and within the application logic
• Migrating tokens from some legacy system (eg: Laravel, Devise, Ping, and so on) to a new IdP
• Progressive migrations/interoperability of old systems with new ones
• Migration without invalidating sessions
• Centralizing AuthN and AuthZ audit-logs
• Monitor service accounts/identity requests for security hygiene
• Logging capabilities to improve product analytics and attribution
• Traffic inspection for data governance/DLP/PII detection
• Token/credentials blacklisting
• Session management

Next steps

You can find a list of example use-cases of Gate on the Use cases page.

To check available installation options, please check the Installation page.

Check out the FAQ for more information.