Stream Authentication
In addition to basic authentication using traefik
, Hydrolix also supports token-based authentication when streaming to a table. With stream authentication, you must pass a valid token to stream data into a table. You can define an array of tokens in each table's configuration.
Not a Bearer Token
This table-specific streaming token is different from the Bearer token used for user authentication.
Usage
You can pass tokens in one of two ways:
- the query string, e.g.
https://my.hydrolix.cluster/ingest/event?token=token1
- the HTTP header
x-hdx-token
Always URL encode your tokens so they're compatible with query string authentication.
You can see usage, including valid and invalid requests per token, in the Prometheus reporting.
Always use TLS with stream authentication. This ensures that tokens are always encrypted when sent over the Internet.
Example
To enable token-based authentication, set the following values in the stream field of your table settings:
- set
token_auth_enabled
to true in the stream settings of the table - set
token_list
to an array of tokens. This allows for easy token rotations as well as using multiple tokens at the same time.
The following snippet shows a full example of a stream authentication configuration for a table:
"settings": {
...
"stream": {
"token_auth_enabled": true,
"token_list": ['token1', 'token2']
}
...
}
Updated about 2 months ago