Quick Start
In this guide you will put AuthGate in front of a free public API and call it through your own gateway URL.
You will build this:
Browser or curl
-> https://your-gateway.authgate.site/users/1
-> AuthGate route
-> https://jsonplaceholder.typicode.com/users/1
We start with a PUBLIC route because it is easier to test. After routing works, you can make another route SECURE and protect it with an API key, OAuth2, JWT, or a BFF session depending on the gateway type.
Before you start
You need:
- an AuthGate account
- a workspace or tenant
- access to the AuthGate dashboard
Create the gateway
Open the gateway dashboard
Go to API Gateway > Create Gateway.
Choose the gateway type
For your first test, choose a normal API Gateway.
Use API Key as the auth type. This lets you test both public routes and secure routes later.
Name the gateway
Use a short name such as:
my-first-api
After creation, AuthGate gives the gateway a runtime URL. In production it usually looks like:
https://my-first-api.authgate.site
Add a backend service
A service is the real backend API that AuthGate forwards requests to.
Open the gateway, go to Services, then click Add Service.
Use this example:
| Field | Value |
|---|---|
| Service name | json-placeholder |
| Target URL | https://jsonplaceholder.typicode.com |
Add a public route
A route tells AuthGate which public path should forward to which service path.
Open Routes, click Add Route, and create this route:
| Field | Value |
|---|---|
| Service | json-placeholder |
| Method | GET |
| Public path | /users/{id} |
| Target path | /users/{id} |
| Security | PUBLIC |
The {id} part is a path variable. If the user calls /users/1, AuthGate forwards to /users/1 on the target service.
Test the route
Replace the domain with your own gateway URL:
curl https://my-first-api.authgate.site/users/1
Expected result: JSON for one user from JSONPlaceholder.
Make a secure route after the public test works
When the public route works, try a protected route:
- Create or update a route and set Security to SECURE.
- Go to API Consumers.
- Create an API consumer.
- Copy the API key once. AuthGate only shows the secret value at creation time.
- Call the secure route with the key:
curl https://my-first-api.authgate.site/users/1 \
  -H "X-Api-Key: <your_api_key>"
If you remove the X-Api-Key header from a secure API Key route, AuthGate should return an unauthorized response.
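To confirm that the key is actually enforced, the following added example (not part of AuthGate or this guide's original text) calls the secure route with no key, a wrong key, and the real key, then checks the three status codes. It assumes the /users/{id} route is set to SECURE, that "unauthorized" means HTTP 401 or 403, and that the hypothetical variables GATEWAY_URL and AUTHGATE_API_KEY hold your gateway URL and key.

```sh
#!/bin/sh
# Added example, not AuthGate code. GATEWAY_URL and AUTHGATE_API_KEY are
# hypothetical variable names; "unauthorized" is assumed to mean 401 or 403.

# Print the HTTP status for a GET of $1. Header lines come from stdin
# (curl -H @-, curl 7.55.0+), so the key never appears in the process list.
status_of() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 -H @- "$1"
}

# $1 = status without a key, $2 = with a wrong key, $3 = with the real key.
evaluate_secure_route() {
  case "$1" in
    401|403) ;;
    *) echo "FAIL: request without key returned $1 (expected 401/403)"; return 1 ;;
  esac
  case "$2" in
    401|403) ;;
    *) echo "FAIL: wrong key returned $2 (expected 401/403)"; return 1 ;;
  esac
  case "$3" in
    2??) ;;
    401|403) echo "FAIL: valid key rejected with $3, check the API consumer"; return 1 ;;
    *) echo "FAIL: valid key returned $3, check the service target URL"; return 1 ;;
  esac
  echo "OK: key is enforced"
}

run_check() {
  url="${GATEWAY_URL%/}/users/1"
  none=$(status_of "$url" </dev/null)
  # The wrong key below is a constructed value, not a real credential.
  wrong=$(printf 'X-Api-Key: %s\n' 'constructed-invalid-key' | status_of "$url")
  valid=$(printf 'X-Api-Key: %s\n' "$AUTHGATE_API_KEY" | status_of "$url")
  evaluate_secure_route "$none" "$wrong" "$valid"
}

# Only touch the network when both variables are set.
if [ -n "${GATEWAY_URL:-}" ] && [ -n "${AUTHGATE_API_KEY:-}" ]; then
  run_check
fi
```

Export the key into the environment from a secrets store or a prompt rather than typing it on the command line, so it does not end up in shell history.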
Common mistakes
| Problem | What to check |
|---|---|
| 404 or route not found | The public path and HTTP method must match the request. |
| Upstream error | Confirm the service target URL works directly in your browser or with curl. |
| Unauthorized | The route may be SECURE. Send the correct API key or make the route PUBLIC while testing. |
| Wrong path | Remember that public path is the gateway path, and target path is the backend service path. |