Skip to main content

Parameters

See plugin common configurations for configuration options available to all plugins.

  • uri

    string

    required

    URI of the external authorization service.

  • ssl_verify

    boolean

    default: true

    If true, verify the authorization service's SSL certificate.

  • request_method

    string

    default: GET

    vaild vaule:

    GET or POST

    HTTP method APISIX uses to send requests to the external authorization service. By default, APISIX sends GET requests to the external authorization service.

    When set to POST, APISIX will send POST requests along with the request body to the external authorization service. This is, however, not recommended. If the authorization decision depends on request parameters from a POST body, it is recommended to extract the necessary fields using $post_arg.* and pass them via the extra_headers field. This approach avoids sending the full request body, reduces overhead, and keeps the authorization service focused on headers for decision-making.

  • request_headers

    array[string]

    Client request headers that should be forwarded to the external authorization service. If not configured, only headers added by APISIX are forwarded, such as X-Forwarded-*.

  • upstream_headers

    array[string]

    External authorization service response headers that should be forwarded to the upstream service. If not configured, no headers are forwarded to the upstream service.

  • client_headers

    array[string]

    External authorization service response headers that should be forwarded to the client when authentication fails. If not configured, no headers are forwarded to the client.

  • extra_headers

    object

    Additional headers to send to the authorization service. Support built-in variables in values.

    The feature is currently only in API7 Enterprise and will become available in APISIX 3.14.0.

  • timeout

    integer

    default: 3000

    vaild vaule:

    between 1 and 60000 inclusive

    Timeout for the external authorization service HTTP call in milliseconds.

  • keepalive

    boolean

    default: true

    If true, keep the connections open for multiple requests.

  • keepalive_timeout

    integer

    default: 60000

    vaild vaule:

    greater than or equal to 1000

    Idle time after which the established HTTP connections will be closed.

  • keepalive_pool

    integer

    default: 5

    vaild vaule:

    greater than or equal to 1

    Maximum number of connections in the connection pool.

  • allow_degradation

    boolean

    default: false

    If true, allow APISIX to continue handling requests without the plugin when the plugin or its dependencies become unavailable.

  • status_on_error

    integer

    default: 403

    vaild vaule:

    between 200 and 599 inclusive

    HTTP status code to return to the client when there is a network error with the external authorization service.

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2025. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation