|
| 1 | +--- |
| 2 | +pcx_content_type: configuration |
| 3 | +title: Authentication |
| 4 | +sidebar: |
| 5 | + order: 7 |
| 6 | +head: [] |
| 7 | +description: Add security by requiring a valid authorization token for each request. |
| 8 | +--- |
| 9 | + |
| 10 | +The Authenticated Gateway feature in AI Gateway adds security by requiring a valid authorization token for each request. This feature is especially useful when storing logs persistently, as it prevents unauthorized access and protects against “log bombing.” With Authenticated Gateway enabled, only requests with the correct token are processed. |
| 11 | + |
| 12 | +:::note[Note] |
| 13 | +We recommend enabling Authenticated Gateway when opting to store logs with AI Gateway. |
| 14 | +::: |
| 15 | + |
| 16 | +:::caution[Caution] |
| 17 | +If Authenticated Gateway is enabled but a request does not include the required `cf-aig-authorization` header, the request will fail. This setting ensures that only verified requests pass through the gateway. To bypass the need for the `cf-aig-authorization` header, make sure to disable Authenticated Gateway. |
| 18 | +::: |
| 19 | + |
| 20 | +## Setting up Authenticated Gateway using the Dashboard |
| 21 | + |
| 22 | +1. Go to the Settings for the specific gateway you want to enable authentication for. |
| 23 | +2. Select **Create authentication token** to generate a custom token with the required `Run` permissions. Be sure to securely save this token, as it will not be displayed again. |
| 24 | +3. Include the `cf-aig-authorization` header with your API token in each request for this gateway. |
| 25 | +4. Return to the settings page and toggle on Authenticated Gateway. |
| 26 | + |
| 27 | +## Example request with OpenAI |
| 28 | + |
| 29 | +```bash |
| 30 | +curl https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/openai/chat/completions \ |
| 31 | + --header 'cf-aig-authorization: Bearer {CF_AIG_TOKEN}' \ |
| 32 | + --header 'Authorization: Bearer OPENAI_TOKEN' \ |
| 33 | + --header 'Content-Type: application/json' \ |
| 34 | + --data '{"model": "gpt-3.5-turbo", "messages": [{"role": "user", "content": "What is Cloudflare?"}]}' |
| 35 | +``` |
| 36 | + |
| 37 | +## Setting Authenticated Gateway using the API |
| 38 | + |
| 39 | +For API setup, see the [API documentation](https://developers.cloudflare.com/api/operations/aig-config-create-gateway/). |
| 40 | + |
| 41 | +## Expected behavior |
| 42 | + |
| 43 | +The following table outlines gateway behavior based on the authentication settings and header status: |
| 44 | + |
| 45 | +| Authentication Setting | Header Info | Gateway State | Response | |
| 46 | +| ---------------------- | -------------- | ----------------------- | ------------------------------------------ | |
| 47 | +| On | Header present | Authenticated gateway | Request succeeds | |
| 48 | +| On | No header | Error | Request fails due to missing authorization | |
| 49 | +| Off | Header present | Unauthenticated gateway | Request succeeds | |
| 50 | +| Off | No header | Unauthenticated gateway | Request succeeds | |
0 commit comments