Stream Authentication

In addition to basic authentication using traefik, Hydrolix also supports token-based authentication when streaming to a table. With stream authentication, you must pass a valid token to stream data into a table. You can define an array of tokens in each table's configuration.


Not a Bearer Token

This table-specific streaming token is different from the Bearer token used for user authentication.


You can pass tokens in one of two ways:

  • the query string, e.g. https://my.hydrolix.cluster/ingest/event?token=token1
  • the HTTP header x-hdx-token

Always URL encode your tokens so they're compatible with query string authentication.

You can see usage, including valid and invalid requests per token, in the Prometheus reporting.

Always use TLS with stream authentication. This ensures that tokens are always encrypted when sent over the Internet.


To enable token-based authentication, set the following values in the stream field of your table settings:

  • set token_auth_enabled to true in the stream settings of the table
  • set token_list to an array of tokens. This allows for easy token rotations as well as using multiple tokens at the same time.

The following snippet shows a full example of a stream authentication configuration for a table:

"settings": {
  "stream": {
    "token_auth_enabled": true,
    "token_list": ['token1', 'token2']