Ory Oathkeeper Description

Date: 2024-05-24

Ory Oathkeeper is an open source cloud native Identity & Access Proxy (IAP) and Access Control Decision API written in Go. It operates as a reverse proxy or integrates with existing API gateways to authenticate, authorize, and mutate incoming HTTP(s) requests based on configurable access rules. The tool implements Zero Trust and BeyondCorp security models by controlling all incoming network traffic. It forwards authorized requests and rejects unauthorized ones according to defined rule sets.

Access rules can be configured to specify upstream URLs, matching patterns, HTTP methods, and processing pipelines. Oathkeeper processes requests through three stages: authentication handlers verify identity, authorization handlers make access decisions, and mutators transform request data. The mutators can enrich requests with data from multiple sources and parse it into custom headers such as X-User-ID or JSON Web Tokens.

The product offers multiple deployment options including open source self-hosted, Ory Enterprise License with support and optimized code, and Ory Network as a managed SaaS solution. It can be deployed on any infrastructure and integrates with various API gateways and proxy solutions.

Configuration is managed through YAML files that define rules for matching URLs, authentication methods, authorization policies, and mutation strategies. The tool provides flexibility for implementing custom authentication workflows and granular access control policies across different user types including employees, partners, and customers.