Admin API keys are used to control access to the APISIX Admin API endpoints, allowing only authorized users to manage and administer APISIX resources via the Admin API.
Key Requirement and Permissions
It is strongly recommended that you switch on the mandatory requirement of Admin API keys in production and configure a set of complex keys to harden your APISIX instances.
The default configuration file includes the following details, where the Admin API key is required by default and set to fixed values:
role: admin # read and write access
role: viewer # read-only access
Other Admin API Security Options
In addition to setting the Admin API keys, you can also customize other configurations to further secure the Admin API, such as:
- Admin API CORS
- Admin API Access IP whitelist
- Admin API mTLS
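An added example, not part of the APISIX documentation or code base: a Python audit of the `deployment.admin` section against the recommendations above (key requirement switched on, complex and distinct keys, no wide-open IP allow list). Field names follow the layout of APISIX's `config.yaml`; the function names, the 100-bit threshold and the sample values are assumptions made for illustration.

```python
import ipaddress
import math
from collections import Counter

VALID_ROLES = {"admin", "viewer"}  # the two roles in the page's config excerpt

def entropy_bits(key):
    """Rough strength estimate: per-character Shannon entropy times key length."""
    n = len(key)
    if n == 0:
        return 0.0
    return -sum(c * math.log2(c / n) for c in Counter(key).values())

def audit_admin(conf, known_fixed=frozenset(), min_bits=100):
    """Return findings for the deployment.admin section of a parsed config.yaml.

    known_fixed: key values shipped in default configs (supplied by the caller).
    min_bits: illustrative threshold, not an APISIX setting.
    """
    admin = (conf.get("deployment") or {}).get("admin") or {}
    findings = []
    if admin.get("admin_key_required", True) is False:
        findings.append("admin_key_required is false: requests need no key")
    seen = {}
    for entry in admin.get("admin_key") or []:
        name, key = entry.get("name", "?"), str(entry.get("key") or "")
        if entry.get("role") not in VALID_ROLES:
            findings.append(f"{name}: unknown role {entry.get('role')!r}")
        if key in known_fixed:
            findings.append(f"{name}: key is a known fixed value")
        elif entropy_bits(key) < min_bits:
            findings.append(f"{name}: key is empty or too weak")
        if key and key in seen:
            findings.append(f"{name}: key shared with {seen[key]}")
        seen.setdefault(key, name)
    for cidr in admin.get("allow_admin") or []:
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append(f"allow_admin {cidr} admits every source address")
    return findings

# Constructed sample input (the dict a YAML parser would return); keys are made up.
WEAK = {"deployment": {"admin": {
    "admin_key_required": False,
    "admin_key": [{"name": "admin", "key": "admin123", "role": "admin"},
                  {"name": "viewer", "key": "admin123", "role": "viewer"}],
    "allow_admin": ["0.0.0.0/0"]}}}

if __name__ == "__main__":
    for finding in audit_admin(WEAK):
        print(finding)
```

Pass the fixed key values from the shipped configuration file as `known_fixed` so an unchanged default is reported even though it looks random.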
For a complete list of configuration options, see