Manage Consumer Credentials
A consumer is an application or a developer that consumes your API. Enabling authentication on a service in your API allows you to control access, requiring consumers to obtain the credentials before accessing the route.
Authentication plugins enabled on services act as locks on your APIs, while consumer credentials serve as the keys to unlock them. In API7 Gateway, you need a unique username and at least one credential to set up a consumer.
This tutorial guides you in creating a consumer and configuring key authentication.
Prerequisites
Add a Consumer with Key Authentication
- Dashboard
- ADC
- Ingress Controller
- Select Consumers of your gateway group from the side navigation bar.
- Click Add Consumer.
- From the dialog box, do the following:
  - In the Name field, enter Alice.
  - Click Add.
- In the Plugins field, click Enable Plugin.
- Search for the key-auth plugin, then click Enable.
- In the dialog box, do the following:
  - Add the following configuration to the JSON Editor:
    {
      "key": "secret-key"
    }
  - Click Enable.
To use ADC to create a consumer and an API at the same gateway group, update your configuration as shown:
services:
  - name: httpbin
    upstream:
      name: default
      scheme: http
      nodes:
        - host: httpbin.org
          port: 80
          weight: 100
    routes:
      - uris:
          - /ip
        name: get-ip
        methods:
          - GET
consumers:
  - username: Alice
    plugins:
      key-auth:
        _meta:
          disable: false
        key: secret-key
Synchronize the configuration to API7 Gateway:
adc sync -f adc.yaml
Create a Kubernetes manifest file to configure a consumer using the ApisixConsumer custom resource:
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
  name: alice
  # namespace: api7 # replace with your namespace
spec:
  authParameter:
    keyAuth:
      value:
        key: "secret-key"
Apply the configurations to your cluster:
kubectl apply -f consumer.yaml
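Outside a tutorial, the consumer key should be a random value rather than a literal such as secret-key. The shell functions below are an added example, not part of the API7 documentation: they generate a 256-bit key and render the ADC consumers block shown above. The function names, the 32-character minimum, the username character set and the output path are assumptions of this example.

```shell
#!/bin/sh
# Added example: names, thresholds and paths here are assumptions, not API7 defaults.

# Print 32 bytes from the kernel CSPRNG as 64 lowercase hex characters.
gen_api_key() {
  head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Succeed only for keys that are not the tutorial placeholder, use a
# YAML-safe character set, and are at least 32 characters long (assumed minimum).
is_strong_key() {
  case "$1" in
    ''|secret-key) return 1 ;;
    *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -ge 32 ]
}

# Print the ADC consumers block for USERNAME ($1) and KEY ($2).
# The username is limited to [A-Za-z0-9_] so it cannot inject YAML.
render_consumer() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) echo "invalid username" >&2; return 1 ;;
  esac
  is_strong_key "$2" || { echo "refusing weak key for $1" >&2; return 1; }
  cat <<EOF
consumers:
  - username: $1
    plugins:
      key-auth:
        _meta:
          disable: false
        key: "$2"
EOF
}

# Write a consumer block with a fresh key to PATH ($2), readable by owner only.
# Any existing file is replaced so the restrictive mode always applies.
write_consumer_file() {
  rm -f "$2"
  ( umask 077 && render_consumer "$1" "$(gen_api_key)" > "$2" ) || { rm -f "$2"; return 1; }
}
```

Merge the rendered block into adc.yaml in place of the placeholder consumer entry, and keep any file that contains the key out of version control.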
Validate
Follow the steps below to validate the key authentication.
Send a Request without a Key
Send a request without the apikey header:
curl -i "http://127.0.0.1:9080/ip"
Since the key is not provided, you will receive an HTTP/1.1 401 Unauthorized response with the following response body:
{"message":"Missing API key found in request"}
Send a Request with a Wrong Key
Send a request with a wrong key in the apikey header:
curl -i "http://127.0.0.1:9080/ip" -H "apikey: wrongkey"
Since the key is wrong, you will receive an HTTP/1.1 401 Unauthorized response with the following response body:
{"message":"Invalid API key in request"}
Send a Request with the Correct Key
Send a request with the correct key in the apikey header:
curl -i "http://127.0.0.1:9080/ip" -H "apikey: secret-key"
With the correct key in the request, you will receive an HTTP/1.1 200 OK response with the following response body:
{
  "origin": "192.168.0.102, 35.259.159.12"
}
Additional Resource(s)
- Key Concepts
- API Security
- API Consumption