API Key Management

Overview

With Speakeasy’s API key management, your users can create and revoke API keys in your API portal. Set up is easy: Speakeasy integrates directly with your API gateway to externalize key management through an OpenAPI Spec extension; it works with any API Gateways that supports OIDC2 workflows and external token sources. This includes Google Cloud Endpoints, Kong, Apigee, AWS API Gateway and more.

For information on setting up API key management, please see, Gateway Integration

Self Service Key Managment

With Speakeasy you can enable your API users to manage long lived API keys that they can create and revoke themselves. Speakeasy Platform does not act as an authentication provider but instead integrates directly with your API gateway to externalise the management of API keys. For every API key managed by your gateway we will ensure one public/private RSA key pair is managed through Speakeasy. This enables a secure and scalable key management while leveraging the existing authentication and request termination mechanisms of your API gateway.

We can currently integrate with any API Gateways that support OIDC workflows and external token sources. This includes Google Endpoints, Kong, Apigee, or a native Envoy solution. We've tested API key management at scale and can support hundreds of thousands of API keys without significant performance impact. Please reach out to us at info@speakeasyapi.dev if you are interested in a performance benchmark.