Getting Started
What is Gate?
Gate is an identity-aware edge authorizer for APIs and workloads.
Gate performs identity-related operations on incoming traffic and it's the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads.
Gate can also be used to enforce fine-grained authorization policies and passkey authentication for internal applications.
You can run Gate as a proxy, a sidecar or an Envoy-compatible ExtAuth authentication service. It works seamlessly with existing API gateways and reverse proxies such as Kong, Nginx, Envoy, AWS API Gateway and others.
What can I do with Gate?
This is a non-exhaustive list of what you can do with Gate. Find more details in the Use Cases section.
Authentication and Authorization
- Add authentication, authorization, rate limiting and caching to your APIs
- Add phishing-resistant authentication and fine-grained authorization to internal applications without code changes
- Session management
Token Enrichment
- Add SlashID attributes to tokens
- Add custom claims from external sources
Access Control
- Role-Based Access Control (RBAC): allow/deny requests based on groups from SlashID or other identity providers
- Attribute-Based Access Control (ABAC): allow/deny requests based on attributes
- Perform authorization based on route or internal application logic with Open Policy Agent (OPA) or custom rules
Migration and Interoperability
- Transition tokens from legacy systems (e.g., Laravel, Devise, Ping) to a new identity provider
- Progressive Migrations: enable interoperability between old and new systems
- Migrate to a new system without invalidating sessions
Data Governance
- Centralize audit log collection for authentication and authorization
- Enhance logging to improve product analytics and user attribution
- Monitor API traffic for data governance, data loss prevention (DLP), and Personally Identifiable Information (PII) detection
Security
- Monitor service accounts and identity requests for security hygiene
- Denylist compromised tokens and credentials
Quick links
This is a list of common tasks that you may encounter when working with Gate, and a link to the relevant documentation.
| I want to... | So I should read... |
|---|---|
| Add fine-grained authorization to my APIs | OAuth 2.0 scopes with Gate + OpenAPI |
| Authenticate requests | Edge Authentication |
| Implement distributed rate limiting | Rate Limiting Using GCRA |
| Detect PII in transit | Protecting Exposed APIs: Avoid Data Leaks with SlashID Gate and OPA |
| Add custom claims to JWTs | Token enrichment: Add custom claims |
| Control access to LLMs and other APIs | Firewalling OpenAI APIs |
| Enforce authorization policies with OPA | Authorization with Gate |
| Add passkeys or MFA to internal applications | No-code anti-phishing protection of internal apps with Passkeys |
| Deploy Gate as a Lambda on AWS | Gate on AWS as Lambda Authorizer |
| Deploy Gate as an external authorizer for Envoy | Gate as ExtAuth service |
| Deploy Gate as a Cloud Run service | Gate on GCP as Cloud Run Service |
| Deploy Gate as K8s Ingress | Deploying Gate Kubernetes with Ingress |
Next steps
Work through the Setup section to learn how to install, configure and deploy Gate.
Specific use cases are detailed in the Use Cases section.
If you're not sure whether Gate is the right choice for you, check out the FAQs for more information.