Authentication
ByteProxy provides flexible authentication options to secure your API endpoints.
Overview
Authentication in ByteProxy is configurable per-route type:
- Proxy routes (/proxy/*) can use a dedicated API key
- Management routes (/manage/*) can use a separate admin API key
This separation allows you to share proxy access while maintaining control over management functions.
Configuration
Authentication is configured in your .env file:
# API Security Settings
PROXY_API_KEY=your_api_key_here
MANAGEMENT_API_KEY=your_admin_key_here
REQUIRE_AUTH_FOR_PROXY=true
REQUIRE_AUTH_FOR_MANAGEMENT=true
You can disable authentication by setting:
REQUIRE_AUTH_FOR_PROXY=false
REQUIRE_AUTH_FOR_MANAGEMENT=false
Authentication Methods
ByteProxy accepts authentication via three methods:
Bearer Token (Recommended)
Authorization: Bearer your_api_key_here
Example:
curl -H "Authorization: Bearer your_api_key_here" \
http://localhost:3420/proxy/github/users/octocat
X-API-Key Header
x-api-key: your_api_key_here
Example:
curl -H "x-api-key: your_api_key_here" \
http://localhost:3420/proxy/github/users/octocat
Query Parameter
?api_key=your_api_key_here
Example:
curl "http://localhost:3420/proxy/github/users/octocat?api_key=your_api_key_here"
Security Considerations
- Environment Variables: Store API keys securely as environment variables
- HTTPS: Always use HTTPS in production to prevent key exposure
- Key Rotation: Rotate API keys periodically
- Minimal Permissions: Use separate keys with minimal permissions
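One way a server could enforce the per-route keys and the three authentication methods described above, as an added example that is not ByteProxy's own code. The header precedence, the fail-closed handling of unknown paths and of flag values other than "false", and the hashed constant-time comparison are assumptions of this sketch.

```javascript
// Added example, not ByteProxy source code.
const { createHash, timingSafeEqual } = require("node:crypto");

// Compare SHA-256 digests so the check is constant-time and length-independent.
function keysMatch(presented, expected) {
  if (!presented || !expected) return false; // an unset or empty key never matches
  const digest = (s) => createHash("sha256").update(String(s)).digest();
  return timingSafeEqual(digest(presented), digest(expected));
}

// Look for the key in the three places the page lists. The precedence
// (Bearer, then x-api-key, then ?api_key=) is an assumption of this sketch.
function extractKey(url, headers) {
  const bearer = /^Bearer\s+(\S+)$/i.exec(headers["authorization"] || "");
  if (bearer) return { key: bearer[1], via: "bearer" };
  if (headers["x-api-key"]) return { key: headers["x-api-key"], via: "x-api-key" };
  const fromQuery = url.searchParams.get("api_key");
  return fromQuery ? { key: fromQuery, via: "query" } : { key: null, via: null };
}

// Pick the key and REQUIRE_AUTH_* flag for the route type, then decide.
// headers: lower-cased names, as Node's http module delivers them.
function authorize(rawUrl, headers, env) {
  const url = new URL(rawUrl, "http://localhost"); // base only used for parsing
  let expected, flag;
  if (url.pathname.startsWith("/proxy/")) {
    [expected, flag] = [env.PROXY_API_KEY, env.REQUIRE_AUTH_FOR_PROXY];
  } else if (url.pathname.startsWith("/manage/")) {
    [expected, flag] = [env.MANAGEMENT_API_KEY, env.REQUIRE_AUTH_FOR_MANAGEMENT];
  } else {
    return { allowed: false, via: null }; // assumption: unknown route types fail closed
  }
  // Assumption: only the literal "false" disables auth; anything else requires it.
  if (flag === "false") return { allowed: true, via: null };
  const { key, via } = extractKey(url, headers);
  // `via` lets the caller log which method was used, e.g. to spot keys sent in URLs.
  return { allowed: keysMatch(key, expected), via };
}

// Constructed sample configuration (placeholder values from the page's .env).
const SAMPLE_ENV = {
  PROXY_API_KEY: "your_api_key_here",
  MANAGEMENT_API_KEY: "your_admin_key_here",
  REQUIRE_AUTH_FOR_PROXY: "true",
  REQUIRE_AUTH_FOR_MANAGEMENT: "true",
};
```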
Troubleshooting
If you’re seeing “Unauthorized” errors:
- Verify you’re providing the correct API key
- Check that the key format matches exactly (including any special characters)
- Ensure your .env file has the proper keys defined
- Restart the server after changing environment variables
- Look for “Auth” related errors in the server logs