# Authorization Luden has two types of authorization: API Keys (client/server secrets) and admin tokens. ## YAML Configuration Authorization can be configured via YAML array of objects. ```yaml server: ... api_keys: - id: unique_tokenId client_secret: bd33c5fa-d69f-11ea-87d0-0242ac130003 server_secret: 5f15eba2-db58-11ea-87d0-0242ac130003 origins: - '*abc.com' - 'efg.com' - id: unique_tokenId2 client_secret: 123jsy213c5fa-c20765a0-d69f003 - id: unique_tokenId3 server_secret: 231dasds-3211kb3rdf-412dkjnabf destinations: ... ``` Also, API Keys can be configured via plain string. In this case, the plain string will be parsed as a client secret. ``` server: ... api_keys: 193b6281-f211-47a9-b384-102cf4cd2d55 #client secret destinations: ... ``` ## HTTP URL ``` server: api_keys_reload_sec: 30 ... api_keys: 'https://token-source.com/path' destinations: ... ``` {% hint style="info" %} Authorization will be reloaded every api\_keys\_reload\_sec seconds. Default value is 3 seconds. {% endhint %} HTTP requests are sent with `If-Modified-Since` header. If HTTP response returns 304 code authorization isn't reconfigured. If authorization content was changed (or logic isn't supported) - HTTP response must return 200 code, `Last-Modified` header, and body with the following structure: ``` { "tokens": [ #array of json objects { "id": "uniq_id_1", "client_secret": "123dasbc", "server_secret": "abcc22", "origins": ["abc.com", "*.yourdomain.com"] } ] } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ciusji.gitbook.io/luden/configuration/authorization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.