Admin API Key
Admin API keys are used to control access to the APISIX Admin API endpoints, allowing only authorized users to manage and administer APISIX resources via the Admin API.
Key Requirement and Permissions
It is strongly recommended that you switch on the mandatory requirement of Admin API keys in production and configure a set of complex keys to harden your APISIX instances.
The example configuration file documents the following settings, where the Admin API key is required by default and the admin key is set to an empty string:
deployment:
  admin:
    admin_key_required: true
    admin_key:
      -
        name: admin
        key: ''
        role: admin   # read and write access
      -
        name: viewer
        key: 4054f7cf07e344346cd3f287985e76a2
        role: viewer  # read-only access
If you do not configure a custom Admin API key, APISIX will automatically generate a key at runtime.
To customize these configurations for your deployment, add the custom configurations to the config.yaml configuration file and reload APISIX for changes to take effect.
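One way to check these settings before a reload is sketched below. It is an added example, not code from APISIX. It assumes config.yaml has already been parsed into a mapping; the function names and the length and character thresholds are assumptions chosen for illustration, not APISIX rules.

```python
import secrets

# Key printed in the example configuration; a published value is not a secret.
PUBLISHED_KEYS = {"4054f7cf07e344346cd3f287985e76a2"}
MIN_LEN = 32        # assumed policy threshold, not an APISIX rule
MIN_DISTINCT = 8    # assumed: rejects repetitive keys such as "aaaa..."

def audit_admin_keys(conf):
    """Return (severity, message) findings for the deployment.admin section."""
    admin = (conf.get("deployment") or {}).get("admin") or {}
    findings = []
    # The requirement is on by default, so only an explicit non-true value is flagged.
    if admin.get("admin_key_required", True) is not True:
        findings.append(("high", "admin_key_required is not true"))
    for entry in admin.get("admin_key") or []:
        name, key = entry.get("name", "?"), str(entry.get("key") or "")
        if not key:
            findings.append(("info", f"{name}: no custom key, APISIX generates one at runtime"))
        elif key in PUBLISHED_KEYS:
            findings.append(("high", f"{name}: key is the published example value"))
        elif len(key) < MIN_LEN or len(set(key)) < MIN_DISTINCT:
            findings.append(("medium", f"{name}: key is short or repetitive"))
    return findings

def new_key():
    """32 hex characters from the OS CSPRNG, the same shape as the example keys."""
    return secrets.token_hex(16)

# Constructed input: the example configuration above as a parsed mapping.
EXAMPLE_CONF = {"deployment": {"admin": {
    "admin_key_required": True,
    "admin_key": [
        {"name": "admin", "key": "", "role": "admin"},
        {"name": "viewer", "key": "4054f7cf07e344346cd3f287985e76a2", "role": "viewer"},
    ],
}}}

if __name__ == "__main__":
    for severity, message in audit_admin_keys(EXAMPLE_CONF):
        print(f"[{severity}] {message}")
    print("replacement key:", new_key())
```

Run against the example configuration, the audit reports the empty admin key as informational and the viewer key as high severity, because that value is printed in the example file.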
Other Admin API Security Options
In addition to setting the Admin API keys, you can also customize other configurations to further secure the Admin API, such as:
- Admin API CORS
- Admin API Access IP whitelist
- Admin API mTLS
For a complete list of configuration options, see config.yaml.example.