api-keys.yaml.example

# API Keys Configuration Example
# Copy this file to api-keys.yaml and configure your API keys

# API key definitions
# Each key can have restricted access to specific MCP servers
api_keys:
  # Example 1: Platform API key with allowed servers (whitelist approach)
  your-platform-key-here:
    name: "platform-app"
    description: "Frontend platform application with access to specific servers"
    allowed_servers:
      - arda-insights
      - arda-credit-api
    created_at: "2025-01-15"
    
  # Example 2: Internal API key blocking one server (blacklist approach)
  your-internal-key-here:
    name: "internal-app"
    description: "Internal application with access to all servers except one"
    disallowed_servers:
      - ardaglobal-grok  # Block access to this server only
    created_at: "2025-01-15"

  # Example 3: Development key with wildcard access
  dev-key-123:
    name: "development"
    description: "Development and testing key with full access"
    allowed_servers: "*"  # Special value: access to all servers
    created_at: "2025-01-15"

  # Example 4: Analytics key blocking sensitive servers
  analytics-key-456:
    name: "analytics-service"
    description: "Analytics service blocked from production servers"
    disallowed_servers:
      - arda-credit-api
      - arda-platform-api
    created_at: "2025-01-15"

# Notes:
# - The key (e.g., "your-platform-key-here") is the actual API key value used in X-API-Key header
# - Use EITHER allowed_servers OR disallowed_servers (not both):
#   
#   allowed_servers: Whitelist approach
#   * A list of specific server names from servers.yaml
#   * The string "*" to grant access to all servers
#   
#   disallowed_servers: Blacklist approach
#   * A list of servers to block - grants access to all OTHER servers
#   * Useful when you want to block access to just one or a few servers
#
# - Server names must match those defined in servers.yaml
# - Generate new API keys with: make generate-api-key