Skip to main content
Version: 3.11.0

Credentials

In this document, you will learn the basic concept of credentials in APISIX, and how it works with consumers for a number of authentication plugins.

Explore additional resources at the end of the document for more information on related topics.

Overview

In APISIX, a credential object is an entity used to store authentication configurations associated with consumers. A consumer can be associated with one or more credentials from a designated list of authentication plugins, including key-auth, basic-auth, jwt-auth, and hmac-auth. The decoupling of credentials facilitates credential reuse and rotation as well as enhanced security. You will not see the credential details when examining consumers.

The following diagram illustrates an example of credentials using two routes, each with one type of authentication enabled, and one consumer, whose authentication details are configured in credentials. Only requests with the valid credentials will be authenticated and allowed to access the upstream resource:

credentials diagram

Note that when a consumer is successfully authenticated, APISIX adds additional headers, such as consumer username and identifier, to the request before proxying it to the upstream service. The upstream service will be able to differentiate between consumers and implement additional logics as needed.

Additional Resource(s)

API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud
API7 Enterprise
API Portal
Roadmap

Open Source

Apache APISIX
K8s Ingress Controller
wasm-nginx-module
Contributor Graph

Resources

Blog
Documentation
NGINX + Lua
APISIX vs Kong
APISIX vs NGINX

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation