Authentication

Set up and configure authentication for your InferXgate deployment.

InferXgate supports multiple authentication methods to secure your API.

Authentication Methods

1. JWT Tokens

JSON Web Tokens for user authentication:

# Get a token
curl -X POST http://localhost:3000/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "password": "secret"}'

# Response
{"token": "eyJhbGciOiJIUzI1NiIs..."}

Use the token:

curl http://localhost:3000/v1/chat/completions \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

2. API Keys

Create virtual API keys for applications:

# Create an API key
curl -X POST http://localhost:3000/auth/keys \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production App"}'

# Response
{"key": "ix-api-key-abc123..."}

Use API keys:

curl http://localhost:3000/v1/chat/completions \
  -H "Authorization: Bearer ix-api-key-abc123..."

# Or with X-API-Key header
curl http://localhost:3000/v1/chat/completions \
  -H "X-API-Key: ix-api-key-abc123..."

3. No Authentication

For development or internal use, authentication can be turned off (this is also the default; see Configuration):

REQUIRE_AUTH=false

Configuration

# Require authentication (default: false)
REQUIRE_AUTH=true

# JWT secret (required if auth enabled)
JWT_SECRET=your-secure-random-string-minimum-32-chars

# Token expiry in seconds (default: 86400 = 24 hours)
JWT_EXPIRY_SECONDS=86400

# Restrict registration to specific email domains
ALLOWED_EMAIL_DOMAINS=company.com,partner.com

User Registration

curl -X POST http://localhost:3000/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword",
    "name": "John Doe"
  }'

Managing API Keys

List Keys

curl http://localhost:3000/auth/keys \
  -H "Authorization: Bearer $JWT_TOKEN"

Revoke a Key

curl -X DELETE http://localhost:3000/auth/keys/key-id \
  -H "Authorization: Bearer $JWT_TOKEN"

OAuth (GitHub)

Enable GitHub OAuth:

GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secret

Login flow:

GET /auth/github → Redirect to GitHub
GET /auth/github/callback → Returns JWT token

Best Practices

  1. Use strong JWT secrets - At least 32 random characters
  2. Rotate API keys - Periodically regenerate keys
  3. Use HTTPS - Always encrypt traffic in production
  4. Limit domains - Restrict registration to your organization
  5. Set reasonable expiry - Balance security and convenience
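A pre-deployment check for the settings in the Configuration section, written as an added example (it is not part of InferXgate). The function names, the sample files and the expiry ceiling (the documented 86400-second default) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not InferXgate code: lint an env file for the auth settings above.
MAX_EXPIRY=86400   # assumption: treat the documented default as the ceiling
DOC_PLACEHOLDER='your-secure-random-string-minimum-32-chars'

# Print the value of key $2 in env file $1 (last assignment wins, empty if unset).
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

warn() { echo "WARN: $1"; findings=$((findings + 1)); }

# Returns 0 when the file has no findings, 1 otherwise.
audit_auth_env() {
  f=$1; findings=0
  [ "$(env_get "$f" REQUIRE_AUTH)" = "true" ] ||
    warn "REQUIRE_AUTH is not true; the documented default is false (no authentication)"
  secret=$(env_get "$f" JWT_SECRET)
  if [ "${#secret}" -lt 32 ]; then
    warn "JWT_SECRET is ${#secret} chars; use at least 32 random characters"
  elif [ "$secret" = "$DOC_PLACEHOLDER" ]; then
    warn "JWT_SECRET is the placeholder copied from the documentation"
  fi
  expiry=$(env_get "$f" JWT_EXPIRY_SECONDS); expiry=${expiry:-86400}
  case $expiry in
    *[!0-9]*) warn "JWT_EXPIRY_SECONDS is not a number: $expiry" ;;
    *) [ "$expiry" -le "$MAX_EXPIRY" ] ||
         warn "JWT_EXPIRY_SECONDS=$expiry exceeds $MAX_EXPIRY" ;;
  esac
  [ -n "$(env_get "$f" ALLOWED_EMAIL_DOMAINS)" ] ||
    warn "ALLOWED_EMAIL_DOMAINS is empty; no registration domain restriction is configured"
  [ "$findings" -eq 0 ]
}

# Constructed sample files (not real deployments).
weak=$(mktemp); good=$(mktemp)
trap 'rm -f "$weak" "$good"' EXIT
cat > "$weak" <<'EOF'
REQUIRE_AUTH=false
JWT_SECRET=secret
JWT_EXPIRY_SECONDS=2592000
EOF
cat > "$good" <<'EOF'
REQUIRE_AUTH=true
JWT_SECRET=constructed-sample-0123456789abcdefghijklmnopqrstuv
JWT_EXPIRY_SECONDS=3600
ALLOWED_EMAIL_DOMAINS=company.com,partner.com
EOF
audit_auth_env "$weak" || echo "weak sample: findings listed above"
audit_auth_env "$good" && echo "good sample: no findings"
```

A secret of suitable length can be generated with `openssl rand -base64 48`; the value in the second sample file is constructed for the example and must not be reused.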