Manage Consumer Credentials
A consumer is an application or a developer that consumes your API. Enabling authentication on a route in your API lets you control access by requiring consumers to obtain credentials before accessing the route.
Consumers are typically created after APIs are published. In API7 Gateway, creating a consumer requires a unique username and configuring an authentication plugin.
This tutorial guides you in creating a consumer and configuring key authentication.
Prerequisites
Add a Consumer
- Dashboard
- ADC
- Ingress Controller
- Select the gateway group where your service is published.
- Select Consumers from the side navigation bar.
- Click Add Consumer.
- From the dialog box, do the following:
  - In the Name field, enter Alice.
  - Click Add.
- In the consumer you just created, under the Plugins field, search for the key-auth plugin.
- Click the Plus icon (+).
- In the dialog box, do the following:
  - Add the following configuration to the JSON Editor:
    {
      "key": "secret-key"
    }
  - Click Enable.
To use ADC to create a consumer and an API at the same gateway group, update your configuration as shown:
services:
  - name: httpbin API
    upstream:
      name: default
      scheme: http
      nodes:
        - host: httpbin.org
          port: 80
          weight: 100
    routes:
      - uris:
          - /ip
        name: api-consumption-ip
        methods:
          - GET
consumers:
  - username: Alice
Synchronize the configuration to API7 Gateway:
adc sync -f adc.yaml
Create a Kubernetes manifest file to configure a consumer using the ApisixConsumer custom resource:
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
  name: alice
  # namespace: api7 # replace with your namespace
Apply the configurations to your cluster:
kubectl apply -f consumer.yaml
Enable Key Authentication for the Consumer
- Dashboard
- ADC
- Ingress Controller
- Select the gateway group where the consumer is located.
- Select your consumer, for example, Alice.
- In the Plugins field, search for the key-auth plugin.
- Click the Plus icon (+).
- In the dialog box, do the following:
  - Add the following configuration to the JSON Editor:
    {
      "key": "secret-key"
    }
  - Click Enable.
To use ADC to enable key authentication, update your configuration:
services:
  - name: httpbin API
    upstream:
      name: default
      scheme: http
      nodes:
        - host: httpbin.org
          port: 80
          weight: 100
    routes:
      - uris:
          - /ip
        name: api-consumption-ip
        methods:
          - GET
consumers:
  - username: Alice
    plugins:
      key-auth:
        _meta:
          disable: false
        key: secret-key
Synchronize the configuration to API7 Enterprise:
adc sync -f adc.yaml
Update the Kubernetes manifest file of the consumer with key authentication:
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
  name: alice
  # namespace: api7 # replace with your namespace
spec:
  authParameter:
    keyAuth:
      value:
        key: "secret-key"
Apply the configurations to your cluster:
kubectl apply -f consumer.yaml
Validate
Follow the steps below to validate the key authentication.
Send a Request without a Key
Send a request without the apikey header:
curl -i "http://127.0.0.1:9080/ip"
Since the key is not provided, you will receive an HTTP/1.1 401 Unauthorized response with the following response body:
{"message":"Missing API key found in request"}
Send a Request with a Wrong Key
Send a request with a wrong key in the apikey header:
curl -i "http://127.0.0.1:9080/ip" -H "apikey: wrongkey"
Since the key is wrong, you will receive an HTTP/1.1 401 Unauthorized response with the following response body:
{"message":"Invalid API key in request"}
Send a Request with the Correct Key
Send a request with the correct key in the apikey header:
curl -i "http://127.0.0.1:9080/ip" -H "apikey: secret-key"
With the correct key in the request, you will receive an HTTP/1.1 200 OK response with the following response body:
{
"origin": "192.168.0.102, 35.259.159.12"
}
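The three validation requests above can be turned into a repeatable smoke test that fails if the route ever stops enforcing key authentication. This is an added example, not part of the original tutorial or of API7's tooling; the function names and the CONSUMER_KEY and GATEWAY_URL environment variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: smoke test for the key-auth validation steps in this tutorial.
# Assumptions: the route is /ip, the key header is "apikey", and the gateway
# listens at GATEWAY_URL (the tutorial uses http://127.0.0.1:9080).

# http_status URL [curl args...]: print only the HTTP status code of a GET.
http_status() {
  url=$1; shift
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$@" "$url"
}

# expect_status LABEL WANT URL [curl args...]: compare the status with WANT.
expect_status() {
  label=$1; want=$2; shift 2
  got=$(http_status "$@") || got="curl-error"
  if [ "$got" = "$want" ]; then
    echo "PASS  $label ($got)"
  else
    echo "FAIL  $label: expected $want, got $got" >&2
    return 1
  fi
}

# validate_key_auth BASE_URL VALID_KEY: run all three cases and return
# non-zero if any of them deviates from the behaviour described above.
validate_key_auth() {
  base=$1; key=$2; rc=0
  expect_status "no key"    401 "$base/ip"                        || rc=1
  expect_status "wrong key" 401 "$base/ip" -H "apikey: wrongkey"  || rc=1
  expect_status "valid key" 200 "$base/ip" -H "apikey: $key"      || rc=1
  return $rc
}

# Run only when a key is supplied, for example:
#   CONSUMER_KEY=secret-key sh check-key-auth.sh
if [ -n "${CONSUMER_KEY:-}" ]; then
  validate_key_auth "${GATEWAY_URL:-http://127.0.0.1:9080}" "$CONSUMER_KEY"
fi
```

Run it after `adc sync` or `kubectl apply`; a non-zero exit status means at least one case did not match, including the case where an unauthenticated request was let through.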
Additional Resource(s)
- Key Concepts
- API Security
- API Consumption