Documentation
/ Gate
••••••••••••••••••••••••••••••••••

The Identity-aware Edge Authorizer

Gate is the fastest way to add authentication, authorization, and rate limiting to your APIs and workloads.

Trusted by

Sysdig
Digital Garage
Meero
GetHarley
kakaku.com
GTS Group
Sysdig
Digital Garage
Meero
GetHarley
kakaku.com
GTS Group
Secure Your APIs and Workloads/Use Cases

How Can Gate Help?

Speed up IdP migrations, secure your APIs, detect PII. Gate can help you with all of that and more.

Token Management

Verify tokens, add custom claims to your identity tokens, translate tokens between different IdPs for migration and federation.

Docs

M2M & API Authentication and Authorization

Authenticate and authorize s2s or m2m interactions with OAuth 2.0 client credentials, API keys or mTLS.

Docs

Application Access Panel

Adopt Zero Trust. Add Identity-based access and WebAuthn MFA to internal applications.

Docs

Identity-based Rate Limiting, Caching, and Audit Logs

Implement distributed caching and rate limiting based on specific token claims.

Docs

Authentication and Authorization at the Edge

Delegate authentication and authorization to Gate and easily enforce OPA/RBAC/ABAC policies for users, APIs and workloads.

Docs

PII detection

Detect token misuse and PII leaks with Gate's built-in detection engine.

Docs
Case Studies/Proven Approach

Top Tier Companies Adopt Edge Identity

Netflix Migrated to an Edge Authentication Model to Merge Their Identities.

Netflix

Authorization with Envoy at Square

Square

Protecting Web Applications via Envoy OAuth2 Filter at J.P.Morgan

J.P.Morgan

AEGIS — Ankorstore's Platform Authentication System

Ankorstore

Rebuilding and Migrating a Session Management System with Zero Downtime

Doordash
Benefits/Why Gate

The Fastest Way to Secure Your APIs and Workloads

AuthN, AuthZ, and Data Governance in One Place

No more lambdas, middleware, and custom plugins spread out in your infrastructure and your application. 

plugins:
    - id: translator_up
      type: token-translation-upgrade
      enable_http_caching: true
      enabled: false
      parameters:
        <<: *slashid_config
        header_with_token: Authorization
        map_token_endpoint: http://backend:8000/map_token
urls: 
    - pattern: "*/api/admin"
      target: http://backend:8000
      plugins:
        translator_up:
          enabled: true
        validator:
          enabled: true
          parameters:
            token_schema: |
              patternProperties:
                user_roles:
                  contains:
                    const: admin
              required:
                - user_roles

yaml

25/25 ln

Multi-cloud and On-Premise, Any Topology.

Gate can run in any cloud and on-prem. Gate can be deployed as an external authorizer for Envoy-based proxies, a standalone service, or as a sidecar.

Your Specs as Your Single Source of Truth

Gate can be configured through annotations on your OpenAPI specs.

Low Latency and High Performance

Gate can cache tokens, reducing the number of roundtrips needed for each request. Gate also embeds an OPA engine to process Rego policies locally.

Security-First

Provide audit logs, simplify Infosec/compliance audits, enforce least-privilege access policies, and detect PII and sensitive data.


Identity Provider Agnostic

Gate can verify, enrich, and translate any token from any IdP, including SAML and OIDC tokens.

Any Authorization Model

ABAC, RBAC, PBAC - Gate supports any major authorization model.

Identity-based Rate Limiting

Gate can rate limit based on token claims, increasing performance and security.

Compatible with

AWS
Azure
Envoy
Istio
GCP
Kong
Kubernetes
nginx
Deploy Gate/Get Started

A breeze to deploy


Two simple steps:

1. Create a Gate configuration based on your IaC tools or annotate your OpenAPI specs

2. Deploy Gate in your infrastructure

That's it! 


/groups/{group_name}/persons:

parameters:
  - $ref: "#/components/parameters/OrgIDHeader"
  - $ref: "#/components/parameters/GroupNamePathParam"

post:
  x-gate-opa: true
  x-gate-enabled-plugins: ["reminter", "rate-limit", "validator"]
  x-gate-opa-ruleset: "admin"    
  security:
      - x-gate-auth-type: api-key/jwt/<token type>
  x-gate-rate-limit:
      Rate: 100
      Window: 10
      Token_schema: 
        patternProperties:
          user_roles:
            contains:
              const: admin
        required:
          - user_roles
      Keys:
        -jwtToken.sub

yaml

26/26 ln