
Version: 2.13.2304

Enabling API Authentication

Authentication is one of the fundamental requirements for APIs, and API7 Enterprise supports a wide range of authentication methods, such as key-auth, basic-auth, ldap-auth, and more.

This article will use the key-auth plugin as an example to demonstrate how to add authentication capability to an API.

Prerequisites

  1. Install API7 Enterprise.
  2. Designing APIs.
  3. Publishing APIs to API7 Gateway.

Create a Consumer

Refer to the documentation on Create consumer. In step 9 (Enable the required plugins by clicking the corresponding Enable button), select the key-auth plugin.

In step 11 (In the Raw Data Editor, edit the plugin parameters), modify the Configure Raw Data section with the following configuration:


{
"key": "auth-one"
}

The above configuration indicates that auth-one is a valid access credential for the key-auth plugin.

Create a Plugin Template

Refer to the documentation on Create Plugin Template. In step 9 (Enable the required plugins by clicking the corresponding Enable button), select the key-auth plugin.

The above configuration indicates that the key-auth plugin will attempt to retrieve access credentials from the Authorization header of the HTTP request. If the retrieval fails or the credentials cannot be associated with a valid consumer, the authentication will fail. Conversely, if the credentials can be successfully validated, the authentication will succeed.

Apply the Plugin Template to the API

This section uses the CreateProduct API as an example.

Refer to the documentation on Configure API.

In step 9 (Edit the properties of the API), change the plugin template to the one created in the previous step, which includes the key-auth plugin.

Validate

Send API Request without API Key


curl -X POST -d '{"name": "iPhone 13 Pro", "price": 999.99}' -H 'HOST: test.com' -v http://${API7_GATEWAY_ADDRESS}/products

The request will return an HTTP 401 error with the message {"message":"Missing API key found in request"} because the request does not include a valid API Key.

Send API Request with Correct API Key


curl -X POST -d '{"name": "iPhone 13 Pro", "price": 999.99}' -H 'HOST: test.com' -H "apikey: auth-one" -v http://${API7_GATEWAY_ADDRESS}/products

The request will return normally.
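
The two requests above can be combined into a repeatable check that also covers a key belonging to no consumer. The script below is an added example, not part of API7's documentation or tooling; it assumes the route, Host header, apikey header and auth-one key used on this page, that an unknown key is rejected with HTTP 401 like a missing one, and the function names and the wrong-key value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not API7's own tooling). Assumes API7_GATEWAY_ADDRESS is set
# and that the route, Host header and key auth-one match this page.

# status_for KEY: print the HTTP status of a POST to /products.
# An empty KEY sends no apikey header at all.
status_for() {
    if [ -n "$1" ]; then set -- -H "apikey: $1"; else set --; fi
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 -X POST \
        -d '{"name": "iPhone 13 Pro", "price": 999.99}' \
        -H 'Host: test.com' "$@" \
        "http://${API7_GATEWAY_ADDRESS}/products"
}

# check LABEL WANT KEY: WANT is "reject" (expect 401) or "accept" (expect 2xx;
# treating "returns normally" as any 2xx status is an assumption).
check() {
    label=$1; want=$2; key=$3
    got=$(status_for "$key") || true
    result=FAIL
    case "$want:$got" in
        reject:401 | accept:2??) result=PASS ;;
    esac
    echo "$result  $label (HTTP $got)"
    [ "$result" = PASS ]
}

# verify_key_auth: run all three cases; return non-zero if any one fails.
verify_key_auth() {
    rc=0
    check "request without a key is rejected" reject "" || rc=1
    # "wrong-key" is a constructed value that belongs to no consumer.
    check "request with an unknown key is rejected" reject "wrong-key" || rc=1
    check "request with the consumer key is accepted" accept "auth-one" || rc=1
    return "$rc"
}

# Run the checks only when a gateway address has been configured.
if [ -n "${API7_GATEWAY_ADDRESS:-}" ]; then
    verify_key_auth
fi
```

A non-zero exit status means at least one case behaved unexpectedly, for example an unauthenticated request reaching the upstream because the plugin template was not applied to the API.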

