Ktor API Key Authentication Provider

A simple authentication provider for Ktor that verifies the presence of an API key in a request header. Useful if you want to use X-Api-Key or similar approaches for request authentication.


Include the following in your build.gradle.kts:

implementation("dev.forst", "ktor-api-key", "1.0.0")


This is a minimal implementation of a Ktor app that uses API key authentication:

/**
 * Minimal Ktor application with API Key authentication.
 */
fun Application.minimalExample() {
    // key that will be used to authenticate requests
    val expectedApiKey = "this-is-expected-key"

    // principal for the app
    data class AppPrincipal(val key: String) : Principal
    // now we install authentication feature
    install(Authentication) {
        // and then api key provider
        apiKey {
            // set function that is used to verify request
            validate { keyFromHeader ->
                // return the principal when the key matches, null otherwise
                keyFromHeader
                    .takeIf { it == expectedApiKey }
                    ?.let { AppPrincipal(it) }
            }
        }
    }

    routing {
        // routes inside this block require a valid API key
        authenticate {
            get {
                val p = call.principal<AppPrincipal>()!!
                call.respondText("Key: ${p.key}")
            }
        }
    }
}

For details see MinimalExampleApp.kt with this example application and TestMinimalExampleApp.kt which verifies that this app works as expected.

For more advanced configuration see TestApiKeyAuth.kt.
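
An added example, not code from this project: the minimal example above compares the header value with `==`, which stops at the first differing character, against a single key written in source. The sketch below shows one way to back the `validate` callback with a lookup over several keys that compares SHA-256 digests using `MessageDigest.isEqual`; `ApiKeyRegistry`, `clientFor` and the sample keys are hypothetical names constructed for illustration.

```kotlin
import java.security.MessageDigest

// Hypothetical registry (not part of ktor-api-key): maps the SHA-256 digest
// of each accepted key to a client name, so raw keys are not kept around.
class ApiKeyRegistry(keysByClient: Map<String, String>) {
    private val digests: List<Pair<ByteArray, String>> =
        keysByClient.map { (client, key) -> sha256(key) to client }

    /** Returns the client name for [presentedKey], or null when no key matches. */
    fun clientFor(presentedKey: String): String? {
        val presented = sha256(presentedKey)
        var match: String? = null
        // Walk every entry so the work done does not depend on which key matched.
        // MessageDigest.isEqual compares the equal-length digests in constant time.
        for ((digest, client) in digests) {
            if (MessageDigest.isEqual(digest, presented)) match = client
        }
        return match
    }

    private fun sha256(value: String): ByteArray =
        MessageDigest.getInstance("SHA-256").digest(value.toByteArray(Charsets.UTF_8))
}

fun main() {
    // Constructed sample keys; a deployment would load them from configuration
    // or a secret store instead of source code.
    val registry = ApiKeyRegistry(
        mapOf(
            "billing-service" to "constructed-key-A",
            "reporting-job" to "constructed-key-B"
        )
    )
    println(registry.clientFor("constructed-key-B")) // exact match
    println(registry.clientFor("constructed-key-b")) // wrong case, rejected
    println(registry.clientFor(""))                  // empty header value, rejected

    // Assumed wiring into the provider shown in the minimal example, with
    // AppPrincipal carrying the client name instead of the key itself:
    //   validate { keyFromHeader ->
    //       registry.clientFor(keyFromHeader)?.let { AppPrincipal(it) }
    //   }
}
```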


