News KrakenD CE v2.7 released with better rate-limiting and security options

Enterprise Documentation

Recent changes

You are viewing a previous version of KrakenD Enterprise Edition (v2.5) , go to the latest version

HTTP Per-backend Client settings

Document updated on May 12, 2023

The HTTP client options allow you to set the client TLS settings for each backend, configure the no-redirect behavior, or connect through an external proxy.

You can set the client TLS settings for all backends as a global setting. Nevertheless, you can decide to individually change the client TLS settings for a specific backend.

HTTP client settings

To do so, include the backend/http/client namespace in the backend’s extra configuration. It accepts the following settings:

Fields of HTTP Client options
* required fields

Allows to set specific transport settings when using TLS in your upstream services. See the global Client TLS options for the list of all supported options.

Set no_redirect to true if you don’t want KrakenD to follow redirects and let the consuming user to receive the 30x status code.
Defaults to false

The proxy address used to forward the traffic. The address must contain the protocol and the port.
Example: "http://proxy.corp:9099"

Example of Client TLS

The following configuration defines a custom certificate for any backend in the system through the ca_certs, but the /foo endpoint uses a different certificate instead.

It also prevents the gateway from following the redirections and returns the 302 codes as they are to the client, and finally, it connects using an overridden certificate and through a proxy.

    "version": 3,
    "$schema": "",
    "client_tls": {
        "ca_certs": [
    "endpoints": [
            "endpoint": "/foo",
            "output_encoding": "no-op",
            "backend": [
                    "host": ["https://api"],
                    "url_pattern": "/foo",
                    "encoding": "no-op",
                    "extra_config": {
                        "backend/http/client": {
                            "no_redirect": true,
                            "client_tls": {
                                "allow_insecure_connections": true,
                                "ca_certs": [
                            "proxy_address": ""

Unresolved issues?

The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.