Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.draskencloud.com/llms.txt

Use this file to discover all available pages before exploring further.

Nexus supports three authentication types, configured per app via the default_policy.auth field.

Auth Types

TypeDescription
api_keyValidates a bearer token against stored API keys
jwtValidates a signed JWT — supports HS256, RS256, and JWKS
basicHTTP Basic auth against stored credentials
noneNo authentication required

Policy Inheritance

Auth policy is resolved in this order, with more specific levels overriding broader ones: 
App → Version → Revision → Endpoint
If an endpoint has no auth policy, it inherits from the revision, which inherits from the app.

Requiring Auth

By default required: true — unauthenticated requests return 401. Set required: false to allow anonymous access while still extracting identity when a token is present.

Forwarding Claims as Headers

JWT claims can be forwarded to the backend as request headers: 
{
  "auth": {
    "auth_type": "jwt",
    "forward_claims_as_headers": {
      "sub": "X-User-Id",
      "email": "X-User-Email",
      "role": "X-User-Role"
    }
  }
}
The backend receives these headers on every authenticated request.