Deploying applications on Unkey is in public beta. To try it, open the product switcher in the top-left of the dashboard and select Deploy. During beta, deployed resources are free. We’re eager for feedback, so let us know what you think on Discord, X, or email support@unkey.com.
The gateway enforces policies on every inbound request before it reaches your app. It runs as part of Frontline, Unkey’s network layer. If you know API gateways, it fills the same role. It checks each request, applies policies like authentication and rate limiting, and forwards only traffic that passes every check.

Per-environment policies

You configure policies separately for each environment in your project. Production and preview can enforce different rules, and a policy change in preview never affects production traffic. Unkey applies the right policies based on which deployment serves the request.

Policy enforcement

When a request reaches your deployment’s URL, the gateway evaluates every configured policy in order. If all policies pass, the gateway forwards the request to a healthy instance of your deployment in the same region. If any policy rejects the request, the gateway returns an error and your app never sees it.

Within a region, the gateway distributes requests across your running instances at random. There is no session affinity.

All of the gateway’s request processing is built on policies. The most common ones are:
  • Authentication: Verifies API keys before your code runs, and forwards the authenticated identity to your app via a request header
  • Rate limiting: Enforces rate limits on specific routes or subjects, rejecting excess traffic before it reaches your instances
  • Logging: Records the full HTTP request and response, including headers and body, for debugging and observability
Other policy types include the Firewall, OpenAPI request validation, and more. See Policies for the full list.
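
The enforcement flow described above, modeled as an added example (not Unkey's code or API): policies run in order per environment, a rejection returns an error without touching the app, and passing requests go to a random healthy instance in the request's region. The `Authorization` bearer header, the error strings, stopping at the first rejection, and the no-instance case are assumptions made for illustration.

```python
# Added illustration, not Unkey's implementation. Header name, error strings
# and first-rejection short-circuit are assumptions.
import random
from dataclasses import dataclass, field

@dataclass
class Request:
    path: str
    headers: dict
    region: str

@dataclass
class Instance:
    name: str
    region: str
    healthy: bool = True
    seen: list = field(default_factory=list)  # paths that reached the app

def require_api_key(valid_keys):
    # Authentication policy: pass only if the bearer key is in the known set.
    def policy(req):
        key = req.headers.get("Authorization", "").removeprefix("Bearer ")
        return (key in valid_keys, "unauthenticated")
    return policy

def rate_limit(limit):
    # Rate limiting policy: fixed budget per subject, no time window (simplified).
    counts = {}
    def policy(req):
        subject = req.headers.get("Authorization", "anonymous")
        counts[subject] = counts.get(subject, 0) + 1
        return (counts[subject] <= limit, "rate_limited")
    return policy

def handle(req, env, policies_by_env, instances, rng=random):
    # Evaluate this environment's policies in order, then forward or reject.
    for policy in policies_by_env[env]:
        ok, reason = policy(req)
        if not ok:
            return {"forwarded": False, "error": reason}  # app never sees it
    pool = [i for i in instances if i.healthy and i.region == req.region]
    if not pool:
        return {"forwarded": False, "error": "no_healthy_instance"}
    target = rng.choice(pool)  # random pick, no session affinity
    target.seen.append(req.path)
    return {"forwarded": True, "instance": target.name}
```

Because the pick is random with no session affinity, state held in one instance's memory cannot be assumed present when the same client's next request arrives.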

Configuration

The dashboard supports API key authentication, rate limiting, firewall, and OpenAPI validation policies today. For other policy types, contact support@unkey.com.
To configure policies:
  1. Open your project’s policy settings in the dashboard.
  2. Create a policy and select its type (API key authentication, rate limiting, firewall, or OpenAPI validation).
  3. Configure match conditions and policy-specific settings.
  4. Save your changes.
See Authentication for details on the Principal header your app receives after successful API key verification, or Rate limiting for configuring request limits.
Last modified on June 24, 2026