Skip to main content

Version: 3.11.0

Credentials

In this document, you will learn the basic concept of credentials in APISIX, and how it works with consumers for a number of authentication plugins.

Explore additional resources at the end of the document for more information on related topics.

Overview

In APISIX, a credential object is an entity used to store authentication configurations associated with consumers. A consumer can be associated with one or more credentials from a designated list of authentication plugins, including key-auth, basic-auth, jwt-auth, and hmac-auth. The decoupling of credentials facilitates credential reuse and rotation as well as enhanced security. You will not see the credential details when examining consumers.

The following diagram illustrates an example of credentials using two routes, each with one type of authentication enabled, and one consumer, whose authentication details are configured in credentials. Only requests with the valid credentials will be authenticated and allowed to access the upstream resource:

credentials diagram

Note that when a consumer is successfully authenticated, APISIX adds additional headers, such as consumer username and identifier, to the request before proxying it to the upstream service. The upstream service will be able to differentiate between consumers and implement additional logics as needed.

Additional Resource(s)


API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation