Documentation Index
Fetch the complete documentation index at: https://docs.draskencloud.com/llms.txt
Use this file to discover all available pages before exploring further.
Header injection rules let you add, remove, or transform headers on the forwarded request without touching your backend code.
Add fixed headers to every upstream request:
{
"headers": {
"add": {
"X-Gateway": "nexus",
"X-Internal-Source": "gateway"
},
"remove": ["X-Powered-By", "Server"],
"response_add": {
"X-Content-Type-Options": "nosniff"
},
"response_remove": ["X-Frame-Options"]
}
}
{
"headers": {
"inject": [
{
"header": "X-User-Id",
"from": "metadata.user_id"
},
{
"header": "X-Request-Path",
"from": "request.path"
},
{
"header": "X-Api-Version",
"from": "request.query.version",
"default": "v1"
}
]
}
}
Injection Sources
| Source | Description |
|---|
metadata.<key> | Value from the authenticated token’s metadata map |
request.header.<name> | Value of an incoming request header |
request.path | The request path |
request.method | The HTTP method (uppercased) |
request.query.<param> | A named query-string parameter |
{
"headers": {
"required": ["X-Tenant-ID", "X-Request-ID"]
}
}
400 Bad Request.
Validate header values against rules:
{
"headers": {
"validate": [
{
"name": "X-Api-Version",
"kind": "oneof",
"value": ["v1", "v2"]
},
{
"name": "X-Tenant-ID",
"kind": "regex",
"value": "^[a-z0-9-]{3,64}$"
}
]
}
}
| Kind | Description |
|---|
exact | Value must match exactly |
regex | Value must match the regex pattern |
oneof | Value must be one of the listed strings |
# Create token with metadata
curl -X POST .../tokens \
-d '{
"name": "Mobile App",
"scopes": ["read"],
"metadata": {
"tenant_id": "acme",
"plan": "pro"
}
}'
{
"headers": {
"inject": [
{"header": "X-Tenant-ID", "from": "metadata.tenant_id"},
{"header": "X-Plan", "from": "metadata.plan"}
]
}
}
