I agree, the pipeline is a bit inscrutable. Your best bet is to look at how existing pipeline stuff works. Authentication is one, though it's fairly complicated. I wrote a csrf thing that is similar to authn (but much simpler); perhaps it may be helpful. https://bitbucket.org/marshallpierce/ktor-csrf/src/master/