> @zhaohuabing can we reuse the same Envoy Filter for API key auth ? 

The problem is, unlike HTTP Basic Auth, API key auth is much more flexible, the key can be in the header, path, or even body. I think we will need a dedicated envoy filter in Envoy if we want to support API key auth, we can follow the open API specs: https://swagger.io/docs/specification/authentication/api-keys/#:~:text=API%20keys%20are%20supposed%20to,mechanisms%20such%20as%20HTTPS%2FSSL.

Originally posted by @zhaohuabing in #1660 (comment)