News Automating License Validity Checks with KrakenD

Enterprise Documentation

Recent changes

Authenticated metrics to SaaS providers using OTEL

Document updated on Apr 18, 2024

The OpenTelemetry Security component allows your KrakenD nodes to push data to a remote collector over the Internet that needs authentication, usually adding a token header.

It allows you to run KrakenD without installing a collector in your infrastructure and push data directly to a SaaS provider, saving time by simplifying the infrastructure needed to monitor the activity.

It combines with the telemetry/opentelemetry configuration and separates the authentication data into a new namespace: telemetry/opentelemetry-security.

Push metrics to SaaS

To add authentication, you need a configuration like this:

    "version": 3,
    "telemetry/opentelemetry": {
        "exporters": {
            "otlp": [
                    "name": "newrelic",
                    "host": "",
                    "port": 4317,
                    "use_http": true
    "telemetry/opentelemetry-security": {
        "otlp": [
                "name": "newrelic",
                "headers": {
                    "api-key": "YOUR_NEWRELIC_LICENSE_KEY"

In the example above, the telemetry/opentelemetry is simplified and does not contain all required fields, but notice the following:

  • Both components use the same exporter name, which is a must.
  • The flag use_http is set to true to send all data through HTTPS instead of gRPC, also a must.
  • The example header is api-key, the header name New Relic expects, but each SaaS provider uses a different one.
  • The value of the header is your license or API key as assigned by the SaaS provider

Here are the fields allowed by the component:

Fields of OpenTelemetry Security
* required fields
otlp  *

The list of OTLP exporters that require authentication. Set at least one object to push metrics and traces to an external collector using OTLP. Each item is an object with the following properties:
headers  *

The custom headers you will send to authenticate requests. Each key is the header name you will add to all outgoing reports.

The value of the header, usually an API token.
name  *

The exact name you used to define the exporter under telemetry/opentelemetry.
Examples: "newrelic" , "remote_datadog"

When the credentials do not work, you’ll see failure messages in the log when pushing the metrics. These usually look like this:

▶ ERROR [SERVICE: OpenTelemetry] failed to upload metrics: failed to send metrics to 403 Forbidden

Unresolved issues?

The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.