The API Gateway verifies API Keys at the edge and swaps them for a JWT carrying user and organization information. This avoids your backend from needing to implement two validation flows: one for users and one for api keys.
Your backend reads the claims off the JWT, the same way it does for AuthKit sessions. You no longer need to call out to the WorkOS API to verify the API key, which reduces latency. Your code is simpler with only one auth pattern instead of two. Reach out for early access. Learn more in the blog.
