Configure API gateway for API key-based access control


  • Configuration takes place in Airlock Gateway.
  • An Airlock Gateway license must be available.
  • You need to be logged in as admin in the Airlock Gateway Configuration Center.
  • A virtual host has been set up.
  • A back-end group has been set up.
  • A mapping between the virtual host and back-end group has been established.


  • 1.
    Go to:
  • System Setup >> Network Service

  • 2.
    Add the required Airlock IAM API Policy Service endpoint(s).
  • 3.
    Go to:
  • Application Firewall >> Reverse Proxy

  • 4.
    Choose the corresponding Mapping and open it.
  • 5.
    In the Access tab, edit the column Restricted to Plans (add more rows if required).
  • 6.
    Switch to the API Security tab.
  • 7.
    Enable the API Security policy service.
  • 8.
    Choose the correct API policy service.
  • 9.
    Select and configure the API Key Extraction types.
  • 10.
    Activate the configuration.
  • API key-based access control is now enabled

Further information and links