Skip to main content

Getting Started

What is Gate?

Gate is an identity-aware edge authorizer for APIs and workloads. Gate performs identity-related operations on incoming traffic and it's the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads.
Gate can also be used to enforce fine-grained authorization policies and passkey authentication for internal applications.

You can run Gate as a proxy, a sidecar or an Envoy-compatible ExtAuth authentication service. It works seamlessly with existing API gateways and reverse proxies such as Kong, Nginx, Envoy, AWS API Gateway and others.

What can I do with Gate?

This is a non-exhaustive list of what you can do with Gate. Find more details in the Use Cases section.

Authentication and Authorization

  • Add authentication, authorization, rate limiting and caching to your APIs
  • Add phishing-resistant authentication and fine-grained authorization to internal applications without code changes
  • Session management

Token Enrichment

  • Add SlashID attributes to tokens
  • Add custom claims from external sources

Access Control

  • Role-Based Access Control (RBAC): allow/deny requests based on groups from SlashID or other identity providers
  • Attribute-Based Access Control (ABAC): allow/deny requests based on attributes
  • Perform authorization based on route or internal application logic with Open Policy Agent (OPA) or custom rules

Migration and Interoperability

  • Transition tokens from legacy systems (e.g., Laravel, Devise, Ping) to a new identity provider
  • Progressive Migrations: enable interoperability between old and new systems
  • Migrate to a new system without invalidating sessions

Data Governance

  • Centralize audit log collection for authentication and authorization
  • Enhance logging to improve product analytics and user attribution
  • Monitor API traffic for data governance, data loss prevention (DLP), and Personally Identifiable Information (PII) detection


  • Monitor service accounts and identity requests for security hygiene
  • Denylist compromised tokens and credentials

This is a list of common tasks that you may encounter when working with Gate, and a link to the relevant documentation.

I want to...So I should read...
Add fine-grained authorization to my APIsOAuth 2.0 scopes with Gate + OpenAPI
Authenticate requestsEdge Authentication
Implement distributed rate limitingRate Limiting Using GCRA
Detect PII in transitProtecting Exposed APIs: Avoid Data Leaks with SlashID Gate and OPA
Add custom claims to JWTsToken enrichment: Add custom claims
Control access to LLMs and other APIsFirewalling OpenAI APIs
Enforce authorization policies with OPAAuthorization with Gate
Add passkeys or MFA to internal applicationsNo-code anti-phishing protection of internal apps with Passkeys
Deploy Gate as a Lambda on AWSGate on AWS as Lambda Authorizer
Deploy Gate as an external authorizer for EnvoyGate as ExtAuth service
Deploy Gate as a Cloud Run serviceGate on GCP as Cloud Run Service
Deploy Gate as K8s IngressDeploying Gate Kubernetes with Ingress

Next steps

Work through the Setup section to learn how to install, configure and deploy Gate.

Specific use cases are detailed in the Use Cases section.

If you're not sure whether Gate is the right choice for you, check out the FAQs for more information.