Skip to main content
Version: 3.2.3.x

Manage API Consumer Credentials

A consumer is an application or a developer who consumes the API. The authentication plugin enabled on a route locks down access, requiring consumers to obtain credentials to access the API.

Consumers are typically created after APIs are published while developers come to apply for credentials. In API7 Enterprise Edition, a consumer requires a unique username to be created. As part of the authentication configuration, you would also add one of the authentication plugins from the list above to the consumer's plugin field.

In this tutorial, you will create a consumer with key authentication, then use the key to access the API with key authentication.

Prerequisite(s)

  1. Obtain a User Account with Super Admin or API Provider Role.
  2. Complete Add Service from API Definition.
  3. Complete Set Up API Authentication.

Create a Consumer

  1. Select API Consumers, then click Add API Consumer.
  2. Enter tom as the Name, then click Add.

Add Consumer tom

Enable Key Authentication on the Consumer

  1. On the Plugins table of the consumer, click Add Plugin.
  2. Choose key-auth as the plugin.
  3. Apply the following configuration to the JSON Editor:
{
    "key": "secret-key"
}
  1. Click Add.

Add Consumer Key Auth Plugin

Validate

Send a request with a wrong key:

curl -i 43.129.203.103:32140/pet/1 -H "apikey: wrongkey"
HTTP/1.1 401 Unauthorized
Date: Fri, 01 Sep 2023 03:08:00 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/dev

{"message":"Invalid API key in request"}

Send a request with the correct key:

curl -i 43.129.203.103:32140/pet/1 -H "apikey: secret-key"
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 323
Connection: keep-alive
Date: Fri, 01 Sep 2023 03:09:22 GMT
x-srv-trace: v=1;t=ada7cefb43c4848d
x-srv-span: v=1;s=4221c976c3e1b0fe
Access-Control-Allow-Origin: *
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 119
X-RateLimit-Reset: 1693537822
ETag: W/"143-JIrwO+Sx1/7FTTpJ2ljwAfgaRCY"
Vary: Accept-Encoding
Server: APISIX/dev

{
  "name": "Dog",
  "photoUrls": [
    "https://example.com/dog-1.jpg",
    "https://example.com/dog-2.jpg"
  ],
  "id": 1,
  "category": {
    "id": 1,
    "name": "pets"
  },
  "tags": [
    {
      "id": 1,
      "name": "friendly"
    },
    {
      "id": 2,
      "name": "smart"
    }
  ],
  "status": "available"
}
API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud
API7 Enterprise
API Portal
Roadmap

Open Source

Apache APISIX
K8s Ingress Controller
wasm-nginx-module
Contributor Graph

Resources

Blog
Documentation
NGINX + Lua
APISIX vs Kong
APISIX vs NGINX

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2025. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation