

The IdentityHub as a gateway


For use as a gateway, the IdentityHub has some additional configuration options. The example below starts the IdentityHub as a gateway for two services (eDirectory and Active Directory):




For each service you want to use, it is enough to configure a unique name and the fully qualified URL of the service's GraphQL endpoint. The gateway itself, at least when the services are other IdentityHubs, needs an apiKey. This key is used for the SDL request, which the gateway sends to every configured service to retrieve that service's schema. Because the IdentityHub requires authentication, which the gateway cannot provide at startup, the API key is used instead. Each service must configure the API key, or set of API keys, that it trusts:


Any client that sends one of the configured authorizedApiKeys is then allowed to perform the query:

  _service {

If a request carries neither the API key nor an authorization header, the IdentityHub answers with a 401 status code.
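A sketch of the service-side decision described above, as an added example that is not IdentityHub's own code. It assumes the key arrives in an `x-api-key` header (the page does not name the header) and that a trusted key covers only the `_service { sdl }` query; all function names are hypothetical.

```javascript
// Added illustration, not IdentityHub source. The "x-api-key" header name and
// the request object shape are assumptions made for this sketch.
const crypto = require('crypto');

// Constant-time membership test: hash both sides so the buffers have equal
// length, then compare against every configured key without returning early.
function isTrustedKey(presented, authorizedApiKeys) {
  if (typeof presented !== 'string' || presented.length === 0) return false;
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  const p = digest(presented);
  let ok = false;
  for (const key of authorizedApiKeys) {
    if (crypto.timingSafeEqual(p, digest(key))) ok = true;
  }
  return ok;
}

// True only when the whole document is the schema request and nothing else,
// so the API key cannot be reused to read directory data.
function isSdlQuery(query) {
  const sdlOnly = /^\s*(query(\s+\w+)?\s*)?\{\s*_service\s*\{\s*sdl\s*\}\s*\}\s*$/;
  return typeof query === 'string' && sdlOnly.test(query);
}

// Decide how a request is handled:
//   trusted key + SDL query  -> answered without user authentication
//   authorization header     -> normal user authentication (not modelled here)
//   anything else            -> 401
function authorize(req, authorizedApiKeys) {
  const headers = req.headers || {};
  if (isSdlQuery(req.query) && isTrustedKey(headers['x-api-key'], authorizedApiKeys)) {
    return { status: 200, via: 'api-key' };
  }
  if (headers.authorization) {
    return { status: null, via: 'user-auth' };
  }
  return { status: 401, via: 'none' };
}

// Constructed sample values, not real keys.
function demo() {
  const keys = ['constructed-key-A', 'constructed-key-B'];
  const sdl = '{ _service { sdl } }';
  return [
    authorize({ headers: { 'x-api-key': 'constructed-key-B' }, query: sdl }, keys),
    authorize({ headers: {}, query: sdl }, keys),
    authorize({ headers: { 'x-api-key': 'constructed-key-A' }, query: '{ users { id } }' }, keys),
  ];
}
```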

The pollingInterval is the amount of time after which the gateway re-fetches the schemas from the services. It can be null, in which case the gateway does not poll at all and keeps using the schema it initially created.

The properties retryServicesCount and retryServicesInterval define how often and after what time the gateway should try to fetch the schemas again if it was not successful.

A service itself can configure whether it is mandatory. This is true by default, and the gateway will throw errors if not all mandatory services are reachable.

For any other configuration properties, please see the config section of this documentation.