Expand description
Authentication filters for the bitrouter gateway.
Implements a LiteLLM-style key model:
- A master key (configured in
bitrouter.yaml) grantsScope::Adminaccess — it can call API endpoints and manage accounts/keys. - Virtual keys (created via the
/key/generateendpoint using the master key) grantScope::Apiaccess — they can call API endpoints only.
Credentials are extracted from the protocol-appropriate header:
| Protocol | Header |
|---|---|
| OpenAI | Authorization: Bearer <key> |
| Anthropic | x-api-key: <key> |
| Management | Authorization: Bearer <key> |
When no master_key is configured, auth is disabled and all requests are
allowed through (open proxy mode).
Structs§
- Auth
Context - Shared auth state passed into filters.
- Unauthorized
Functions§
- anthropic_
auth - Build an auth filter for Anthropic-protocol routes (
x-api-key). - any_
credential - Warp filter: extract credential from either
Authorization: Bearerorx-api-key(Anthropic-style). Bearer takes precedence. - bearer_
credential - Warp filter: extract credential from
Authorization: Bearerheader. - hash_
key - SHA-256 hash a key string, returning hex-encoded digest.
- management_
auth - Build an auth filter for management routes. Accepts both Bearer and x-api-key.
- openai_
auth - Build an auth filter for OpenAI-protocol routes (
Authorization: Bearer). - x_
api_ key_ credential - Warp filter: extract credential from
x-api-keyheader.