Authentication

Kleio is designed first and foremost to be an ad server running within the secure confines of your network. In a typical setup, Kleio is not exposed to the wider world. As a result, it runs without any kind of authentication by default.

If there is no easy way for you to restrict access to the Kleio ad server, you can enable a rudimentary set of protections offered by Kleio. These authentication primitives can be enabled by providing an environment variable named MASTER_PASSWORD.

With a MASTER_PASSWORD set:

  • All requests to the web interface will prompt for this password using basic auth
  • All requests to the API endpoints for managing ads, tracking, and running auctions will require a header named API-KEY with the same password as its value

If you set the password to secretpassword (by setting the environment variable MASTER_PASSWORD=secretpassword), then a request to the API might look like this:

Request

POST /api/v1/auction

curl -X POST \
  -H "Content-Type: application/json" \
  -H "API-KEY: secretpassword" \
  --data '{}' \
  https://example.com/api/v1/auction

The API-KEY header can safely be left out if you have not enabled authentication.
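
A deployment check for the behaviour described above, as an added example that is not part of Kleio or its documentation. Because Kleio runs without authentication by default, a successful request that carries the key does not show that MASTER_PASSWORD took effect, so the script also sends the request with no key and with a wrong key and expects both to be refused. It assumes refused API requests return HTTP 401 or 403 (the page does not state the status code); KLEIO_URL and KLEIO_KEY are hypothetical variable names.

```shell
# Added example (not part of Kleio): check that MASTER_PASSWORD is enforced.
# Assumptions: refused API requests return HTTP 401 or 403 (the page does not
# state the code); KLEIO_URL and KLEIO_KEY are hypothetical variable names.

# POST an empty auction request and print only the HTTP status code.
# $1 = base URL, $2 = API-KEY value (optional; omit to send no header).
probe_status() {
  # ${2+...} expands to nothing when no key was passed, so no header is sent.
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 -X POST \
    -H 'Content-Type: application/json' ${2+-H} ${2+"API-KEY: $2"} \
    --data '{}' "${1%/}/api/v1/auction" || true
}

# Map three status codes to a verdict word.
# $1 = no API-KEY header, $2 = wrong API-KEY, $3 = correct API-KEY
auth_verdict() {
  for code in "$1" "$2"; do
    case "$code" in
      401|403) ;;                            # refused, as it should be
      2??)     echo open; return 0 ;;        # served without the password
      000)     echo unreachable; return 0 ;; # curl could not connect
      *)       echo inconclusive; return 0 ;;
    esac
  done
  case "$3" in
    401|403) echo key-rejected ;;            # auth is on, but this key is wrong
    000)     echo unreachable ;;
    *)       echo enforced ;;
  esac
}

# Runs only when a target is configured, for example:
#   KLEIO_URL=https://example.com KLEIO_KEY=secretpassword sh check-auth.sh
if [ -n "${KLEIO_URL:-}" ]; then
  none=$(probe_status "$KLEIO_URL")
  wrong=$(probe_status "$KLEIO_URL" "not-the-password-$$")
  good=$(probe_status "$KLEIO_URL" "${KLEIO_KEY:-}")
  verdict=$(auth_verdict "$none" "$wrong" "$good")
  echo "no key: $none, wrong key: $wrong, correct key: $good -> $verdict"
  [ "$verdict" = enforced ]   # exit status is non-zero unless auth is enforced
fi
```

A verdict of open means the server answered the auction request without the password, which is what an instance started without MASTER_PASSWORD in its environment would do.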