diff --git a/daprdocs/content/en/operations/security/api-token.md b/daprdocs/content/en/operations/security/api-token.md index aa30b3975..2722f67a5 100644 --- a/daprdocs/content/en/operations/security/api-token.md +++ b/daprdocs/content/en/operations/security/api-token.md @@ -88,7 +88,11 @@ kubectl rollout restart deployment/ --namespace **Note:** The Dapr SDKs read the [DAPR_API_TOKEN]({{< ref environment >}}) environment variable and set it for you by default. + + ### HTTP diff --git a/daprdocs/content/en/operations/security/app-api-token.md b/daprdocs/content/en/operations/security/app-api-token.md index 401e561e6..9a9264ed2 100644 --- a/daprdocs/content/en/operations/security/app-api-token.md +++ b/daprdocs/content/en/operations/security/app-api-token.md @@ -89,14 +89,16 @@ kubectl rollout restart deployment/ --namespace ` in the calls to the app. From the app side, ensure you are authenticating using the `dapr-api-token` value, even though you set `app-api-token` to enable API authentication. +Once app token authentication is configured using the environment variable or Kubernetes secret `app-api-token`, the Dapr sidecar always includes the HTTP header/gRPC metadata `dapr-api-token: ` in the calls to the app. From the app side, ensure you are authenticating using the `dapr-api-token` value which uses the `app-api-token` you set to authenticate requests from Dapr. + + ### HTTP In your code, look for the HTTP header `dapr-api-token` in incoming requests: ```text -a-api-token: +dapr-api-token: ``` ### gRPC diff --git a/daprdocs/static/images/tokens-auth.png b/daprdocs/static/images/tokens-auth.png new file mode 100644 index 000000000..0eb566d7c Binary files /dev/null and b/daprdocs/static/images/tokens-auth.png differ
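Review bot: In api-token.md, the lines added ahead of `### HTTP` show no text in this view, and the only other new artifact in the patch is the binary `daprdocs/static/images/tokens-auth.png`. If these lines embed that image, give it alt text and a one-sentence caption saying which token it illustrates. This page refers to `DAPR_API_TOKEN` while app-api-token.md refers to `app-api-token`, and the file name `tokens-auth.png` does not tell a reader which direction of authentication the diagram shows.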
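Review bot: In app-api-token.md, the rewritten sentence ending "the `dapr-api-token` value which uses the `app-api-token` you set to authenticate requests from Dapr" still does not say what the app has to check, and it is easy to read as two different values. Suggest stating the step directly: the app reads the `dapr-api-token` header (or gRPC metadata) on each incoming call, compares its value with the token it configured as `app-api-token`, and refuses the call when the header is missing or the value differs. Separately, both the sentence and the corrected `text` example show `dapr-api-token: ` with nothing after the colon in this view; a placeholder for the token value after the colon would make the expected header shape unambiguous.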