Skip to main content

Authentication Plugin Reference

FieldTypeDefaultOptionalLimitationsDescription
Typestring-NoOptional Values: "Key Auth", "Basic Auth", "HMAC Auth", "JWT Auth", "OpenID Connect"Specify the authentication type.

Key Auth

FieldTypeDefaultOptionalLimitationsDescription
Headerstring"apikey"YesThe HTTP request header which takes the credentials.
Strip CredentialsbooleanfalseYesWhether to strip the credentials before forwarding the request to the backend.

Key Auth (Consumer)

FieldTypeDefaultOptionalLimitationsDescription
Keystring-NoKeep it unique among Consumers.The API key.

HMAC Auth

FieldTypeDefaultOptionalLimitationsDescription
Strip CredentialsbooleanfalseYesWhether to strip the credentials before forwarding the request to the backend.

HMAC Auth (Consumer)

FieldTypeDefaultOptionalLimitationsDescription
Access Keystring-NoKeep it unique among Consumers.Key used to identify Consumers.
Secret Keystring-NoKey used to generate signature and digest.
Algorithmstring"hmac-sha256"NoOptional values: "hmac-sha1" "hmac-sha256" "hmac-sha512"Encryption algorithm.
Clock Skewinteger0YesClock skew allowed by the signature in seconds. Setting it to 0 will skip checking the date.
Max Request Body Sizeinteger524288YesMaximum allowed body size.
Encode URI ParamsbooleantrueYesWhether the URI query strings are also encoded for signing the signature.
Validate Request BodybooleantrueYesWhether the request body will be validated.
Signed Headersstring array-Yes1 <= Length <= 128Restrict the headers that are added to the encrypted calculation. After the specified, the client request can only specify the headers within this range. When this item is empty, all the headers specified by the client request will be added to the encrypted calculation.

Basic Auth

FieldTypeDefaultOptionalLimitationsDescription
Strip CredentialsbooleanfalseYesWhether to strip the credentials before forwarding the request to the backend.

Basic Auth (Consumer)

FieldTypeDefaultOptionalLimitationsDescription
Usernamestring-NoKeep it unique among Consumers.Username information.
Passwordstring-NoPassword information.

JWT Auth

FieldTypeDefaultOptionalLimitationsDescription
Token PositionstringHeaderYesOptional Values: "Header", "Query", "Cookie"The JSON Web Token position int API requests.
Token NamestringAuthorizationYesThe JSON Web Token name.

JWT Auth (Consumer)

FieldTypeDefaultOptionalLimitationsDescription
KeystringNoKey is used to identify the consumer, it will be in the JWT payload and must be unique.
SecretstringNoThe JSON Web Token signing secret.
Base64 EncodedbooleanfalseYesWhether the secret is encoded in base64 format.
AlgorithmstringHS256YesOptional Values: "HS256", "HS512"The JSON Web Token signing algorithm.

OpenID Connect

FieldTypeDefaultOptionalLimitationsDescription
Client IDstringNoThe client id assigned by the identity server.
Client SecretstringNoThe client secret assigned by the identity server.
Identity ServerstringNoThe URL of the discovery endpoint of the identity server.
Scope ClaimstringopenidYesScope for the authentication.
Bearer OnlybooleanfalseYesWhether check the authorization header in API requests.
Introspection Endpoint Auth Methodstring"client_secret_basic"YesOptional Values: "client_secret_basic", "client_secret_post"Authentication method for token introspection.
Redirect URIstringSame to the API request.YesAvoid using any meaningful business API endpoint.The URI that the identity server will call it back.
Logout Pathstring"/logout"YesThe URI that used to log out.
Post Logout Redirect URIstringYesURI (in Location Header) used after logout from the identity server.
Save User Information to Request HeaderbooleantrueYesSet the X-UserInfo header (which includes the user information) to upstream.

API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation