Manage Consumer Credentials
A consumer is an application or a developer that consumes your API. Enabling authentication on a route in your API allows you to control access, requiring consumers to obtain the credentials before accessing the route.
Consumers are typically created after APIs are published. In API7 Gateway, creating a consumer requires a unique username and configuring an authentication plugin.
This tutorial guides you in creating a consumer and configuring key authentication.
Prerequisites
Add a Consumer
To use the Dashboard to create a consumer:
- Select Services from the side navigation bar to add a new consumer.
- Select Consumers from the side navigation bar and then click Add Consumer.
- From the Add Consumer dialog box, do the following:
  - In the Gateway Group field, choose the gateway group to add your consumer.
  - In the Name field, enter the name of the consumer, for example, Alice.
- Click Add.
To use ADC to create a consumer, update your configuration as shown:
services:
  - name: httpbin API
    upstream:
      name: default
      scheme: http
      nodes:
        - host: httpbin.org
          port: 80
          weight: 100
    routes:
      - uris:
          - /ip
        name: api-consumption-ip
        methods:
          - GET
consumers:
  - username: Alice
Synchronize the configuration to API7 Enterprise:
adc sync -f adc.yaml
Enable Key Authentication for the Consumer
To use the Dashboard to enable key authentication:
- Select the gateway group where the consumer is located.
- Select your consumer.
- In the Plugins field, search for the key-auth plugin.
- Click the Plus icon (+).
- In the dialog box that appears, add the following configuration to the JSON Editor:
{
  "key": "secret-key"
}
- Click Enable.
To use ADC to enable key authentication, update your configuration:
services:
  - name: httpbin API
    upstream:
      name: default
      scheme: http
      nodes:
        - host: httpbin.org
          port: 80
          weight: 100
    routes:
      - uris:
          - /ip
        name: api-consumption-ip
        methods:
          - GET
consumers:
  - username: Alice
    plugins:
      key-auth:
        _meta:
          disable: false
        key: secret-key
Synchronize the configuration to API7 Enterprise:
adc sync -f adc.yaml
Validate
Follow the steps below to validate the key authentication.
Send a Request without a Key
Send a request without the apikey header:
curl -i "http://127.0.0.1:9080/ip"
Since the key is not provided, you will receive an HTTP/1.1 401 Unauthorized response with the following response body:
{"message":"Missing API key found in request"}
Send a Request with a Wrong Key
Send a request with a wrong key in the apikey header:
curl -i "http://127.0.0.1:9080/ip" -H "apikey: wrongkey"
Since the key is wrong, you will receive an HTTP/1.1 401 Unauthorized response with the following response body:
{"message":"Invalid API key in request"}
Send a Request with the Correct Key
Send a request with the correct key in the apikey header:
curl -i "http://127.0.0.1:9080/ip" -H "apikey: secret-key"
With the correct key in the request, you will receive an HTTP/1.1 200 OK response with the following response body:
{
  "origin": "192.168.0.102, 35.259.159.12"
}
}
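The three requests from the Validate section, scripted as a repeatable check that fails if the route ever stops rejecting requests with a missing or wrong key. This is an added example, not part of the API7 documentation; the function names, the send parameter and the API_KEY environment variable are assumptions made for the example.

```python
import json
import os
import sys
import urllib.error
import urllib.request

# Expected status and "message" per case, as listed in the Validate section.
EXPECTED = {
    "no key": (401, "Missing API key found in request"),
    "wrong key": (401, "Invalid API key in request"),
    "correct key": (200, None),
}


def probe(url, key=None, timeout=5):
    """Send one GET, optionally with the apikey header; return (status, body)."""
    headers = {} if key is None else {"apikey": key}
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code, err.read().decode("utf-8", "replace")


def check_key_auth(url, good_key, bad_key="wrongkey", send=probe):
    """Run the three requests; return a list of mismatches (empty means pass)."""
    failures = []
    cases = {"no key": None, "wrong key": bad_key, "correct key": good_key}
    for name, key in cases.items():
        want_status, want_msg = EXPECTED[name]
        status, body = send(url, key)
        if status != want_status:
            failures.append(f"{name}: expected {want_status}, got {status}")
        elif want_msg is not None:
            try:
                msg = json.loads(body).get("message")
            except (ValueError, AttributeError):  # not JSON, or not an object
                msg = None
            if msg != want_msg:
                failures.append(f"{name}: unexpected body {body!r}")
    return failures


if __name__ == "__main__":
    # Hypothetical API_KEY variable: keeps the key out of the script itself.
    problems = check_key_auth("http://127.0.0.1:9080/ip", os.environ["API_KEY"])
    print("\n".join(problems) or "key-auth is enforced on /ip")
    sys.exit(1 if problems else 0)
```

Run it after each adc sync; a non-zero exit means at least one of the three cases no longer matches the responses shown above.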
Additional Resource(s)
- Key Concepts
- API Security
- API Consumption