Skip to main content

Getting started

Gate is our identity-aware Edge Authorizer for APIs and workloads. Gate runs either as a proxy, as a sidecar or an Envoy-compatible ExtAuth authentication service. Gate works with existing API Gateway and reverse proxies (for example: Kong, Nginx, Envoy, AWS API Gateway) and performs identity-related operations on incoming traffic.

Gate is the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads. Gate can also be used to enforce fine-grained authorization policies and modern authentication with passkeys for internal applications.

What you can use Gate for

This is a non-exhaustive list of use cases you can use Gate for:

  • Add authentication, authorization, rate limiting and caching to your APIs
  • Add phishing-resistant authentication and fine-grained authorization to internal applications without code changes
  • Augment tokens with either some (based on context) or all /id attributes
  • Augment tokens with custom claims from external sources
  • Allow/Deny requests based on either /id groups or external IdP groups (RBAC)
  • Allow/Deny requests based on the attributes. (ABAC)
  • Authorization (OPA or custom rules). Both route-based and within the application logic
  • Migrating tokens from some legacy system (eg: Laravel, Devise, Ping, and so on) to a new IdP
  • Progressive migrations/interoperability of old systems with new ones
  • Migration without invalidating sessions
  • Centralizing AuthN and AuthZ audit-logs
  • Monitor service accounts/identity requests for security hygiene
  • Logging capabilities to improve product analytics and attribution
  • Traffic inspection for data governance/DLP/PII detection
  • Token/credentials blacklisting
  • Session management

Next steps

You can find a list of example use-cases of Gate on the Use cases page.

To check available installation options, please check the Installation page.

Check out the FAQ for more information.