Skip to main content

Version: 3.2.14.6

Set Up API Authentication

For security, you should only allow authenticated and authorized consumers to access your APIs. API7 Gateway provides several plugins to enable authentication and authorization.

Authentication plugins act as locks on your APIs, while consumer credentials serve as the keys to unlock them. Consumers are usually created after APIs are published. In API7 Gateway, you need a unique username and at least one credential to set up a consumer.

This guide walks you through enabling a simple key-based authentication using the key-auth plugin.

Prerequisite(s)

  1. Install API7 Enterprise.
  2. Have a running API on the gateway group.

Add a Consumer with Key Authentication

A consumer is an entity that consumes your APIs. This example will create a consumer named Alice.

  1. Select the gateway group where your service is published.
  2. Select Consumers from the side navigation bar.
  3. Click Add Consumer.
  4. From the dialog box, do the following:
  • In the Name field, enter Alice.
  • Click Add.
  1. In the consumer you just created under the Plugins field, search for the key-auth plugin.
  2. Click the Plus icon (+).
  3. In the dialog box do the following:
  • Add the following configuration to the JSON Editor:

    {
    "key": "secret-key"
    }
  • Click Enable.

Enable Key Authentication for APIs

For a Service

To use key authentication for all routes in a service, enable the key-auth plugin on the service.

  1. Select Published Services of your gateway group from the side navigation bar, then select the service you want to modify, for example, httpbin with version 1.0.0.
  2. Select Plugins from the side navigation bar, then click Enable Plugin.
  3. Search for the key-auth plugin, then click Enable.
  4. In the dialog box do the following:
  • Add the following configuration to the JSON Editor:

    {
    }
  • Click Enable.

For a Single Route

To use key authentication for a specific route, enable the key-auth plugin on the route instead of the service.

  1. Select Published Services of your gateway group from the side navigation bar, then select the service you want to modify, for example, httpbin with version 1.0.0.
  2. Under the published service, select Routes from the side navigation bar.
  3. Select your target route, for example, get-ip.
  4. In the Plugin field, click Enable Plugin.
  5. Search for the key-auth plugin, then click Enable.
  6. In the dialog box do the following:
  • Add the following configuration to the JSON Editor:

    {
    }
  • Click Enable.

Validate

Follow the steps below to validate the key authentication.

Send a Request without a Key

Send a request without the apikey header:

curl -i "http://127.0.0.1:9080/ip"  

Since the key is not provided, you will receive an HTTP/1.1 401 Unauthorized response with the following request body:

{"message":"Missing API key found in request"}

Send a Request with a Wrong Key

Send a request with a wrong key in the apikey header:

curl -i "http://127.0.0.1:9080/ip" -H "apikey: wrongkey" 

Since the key is wrong, you will receive an HTTP/1.1 401 Unauthorized response with the following request body:

{"message":"Invalid API key in request"}

Send a Request with the Correct Key

Send a request with the correct key in the apikey header:

curl -i "http://127.0.0.1:9080/ip" -H "apikey: secret-key" 

With the correct key in the request, you will receive an HTTP/1.1 200 OK response with the following request body:

{
"origin": "192.168.0.102, 35.259.159.12"
}

Additional Resource(s)


API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation