Admin authentication
Admin endpoints require a bearer token in the Authorization header.
Authorization: Bearer <api-key>
Scopesโ
admin- full accessread_only- read-only access to admin endpoints
Primary credential: MASTER_KEYโ
The primary admin credential is the MASTER_KEY. Run ferrogw init to
generate one, then export it before starting the gateway:
export MASTER_KEY="ferro-..." # generated by `ferrogw init`
Use the MASTER_KEY as the bearer token to access admin endpoints (full admin
scope). From there you can issue scoped, persistent API keys via
POST /admin/keys for admin or read_only access.
Deprecated: bootstrap keys
The legacy ADMIN_BOOTSTRAP_KEY / ADMIN_BOOTSTRAP_READ_ONLY_KEY env vars are
deprecated and emit deprecation warnings at startup. They are honored only on
first run while the API key store is empty and MASTER_KEY is unset:
export ADMIN_BOOTSTRAP_KEY=change-me
export ADMIN_BOOTSTRAP_READ_ONLY_KEY=change-me
export ADMIN_BOOTSTRAP_ENABLED=true
Use MASTER_KEY instead.