Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi Ory Community! Could you help me with the following beginner’s question: How can I protect the hydra *admin* endpoint so that it is accessible from other networks? In my case, I need to call the admin API from google cloud functions, that is, I would like to have an access token that allows me to access the hydra admin API (similar to how auth0 allows me to create access tokens to the auth0 management API). Many thanks!

I’m thinking about re-creating auth0 management API with expressjs that allows me to access all ory admin APIs, and then create a ory hydra client for each application that needs to consume that API

Or is that a use-case for ory oathkeeper?

Never mind, you already documented it :see_no_evil: <https://www.ory.sh/docs/kratos/reference/api>

_To protect the administative API port you should use something like Nginx, Ory Oathkeeper, or any other technology capable of authorizing incoming requests._