Skip to main content

Getting started

Gate is our identity-aware Edge Authorizer for APIs and workloads. Gate runs either as a proxy, as a sidecar or an Envoy-compatible ExtAuth authentication service. Gate works with existing API Gateway and reverse proxies (for example: Kong, Nginx, Envoy, AWS API Gateway) and performs identity-related operations on incoming traffic.

Gate is the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads. Gate can also be used to enforce fine-grained authorization policies and modern authentication with passkeys for internal applications.


Here we have a list of common tasks that developers working with Gate are interested in, and indications of where to start with our documentation or blog posts.

I want to ...So I should read ...
Add fine-grained authorization to my APIsOAuth 2.0 scopes with Gate + OpenAPI
Use Gate to authenticate requestsEdge Authentication
Implement distributed rate limitingRate Limiting Using GCRA
Detect PII in transitProtecting Exposed APIs: Avoid Data Leaks with SlashID Gate and OPA
Add custom claims to JWT tokensToken enrichment: Add custom claims
Controlling access to LLMs and other APIsFirewalling OpenAI APIs
Implement authorization policies with OPAAuthorization with Gate
Add Passkeys or MFA to internal applicationsNo-code anti-phishing protection of internal apps with Passkeys
Deploy Gate as a Lambda on AWSGate on AWS as Lambda Authorizer
Deploy Gate as an external authorizer for EnvoyGate as ExtAuth service
Deploy Gate as a Cloud Run serviceGate on GCP as Cloud Run Service
Deploy Gate as K8s IngressDeploying Gate Kubernetes with Ingress

What you can use Gate for

This is a non-exhaustive list of use cases you can use Gate for:

  • Add authentication, authorization, rate limiting and caching to your APIs
  • Add phishing-resistant authentication and fine-grained authorization to internal applications without code changes
  • Augment tokens with either some (based on context) or all /id attributes
  • Augment tokens with custom claims from external sources
  • Allow/Deny requests based on either /id groups or external IdP groups (RBAC)
  • Allow/Deny requests based on the attributes. (ABAC)
  • Authorization (OPA or custom rules). Both route-based and within the application logic
  • Migrating tokens from some legacy system (eg: Laravel, Devise, Ping, and so on) to a new IdP
  • Progressive migrations/interoperability of old systems with new ones
  • Migration without invalidating sessions
  • Centralizing AuthN and AuthZ audit-logs
  • Monitor service accounts/identity requests for security hygiene
  • Logging capabilities to improve product analytics and attribution
  • Traffic inspection for data governance/DLP/PII detection
  • Token/credentials blacklisting
  • Session management

Next steps

You can find a list of example use-cases of Gate on the Use cases page.

To check available installation options, please check the Installation page.

Check out the FAQ for more information.