Manage Consumer Credentials

A consumer is an application or a developer that consumes your API. Enabling authentication on a service allows you to control access, requiring consumers to obtain the credentials before accessing the APIs.

Authentication plugins enabled on services act as locks on your APIs, while consumer credentials serve as the keys to unlock them. In API7 Enterprise, you need a unique username and at least one credential to set up a consumer.

Consumers can utilize multiple credentials of different types, all are treated equally for authentication purposes.

This tutorial guides you in creating a consumer and configuring authentication credentials.

Prerequisites

1. Install API7 Enterprise.
2. Have a running API on the gateway group.

Configure Key Authentication Credentials

Dashboard

1. Select Consumers of your gateway group from the side navigation bar.
2. Click + Add Consumer.
3. In the dialog box, do the following:

• In the Name field, enter Alice.
• Click Add.

4. Under the Credentials tab, click + Add Key Authentication Credential.
5. In the dialog box, do the following:

• In the Name field, enter primary-key.
• In the Key field, choose Manually Input, then enter alice-primary-key.
  • If you want to choose Reference from Secret Provider, see Reference Secrets in HashiCorp Vault or Reference Secrets in AWS Secrets Manager.
• Click Add.

6. Try again to add another Key Authentication Credential named backup-key with key alice-backup-key. All credentials are valid and can be used interchangeably for API authentication.

Below is an interactive demo that provides a hands-on introduction to configuring key authentication credential using API7 Enterprise.

ADC

adc-consumer.yaml

consumers:
  - username: Alice
    credentials:
      - name: primary-key
        type: key-auth
        config:
          key: alice-primary-key
      - name: backup-key
        type: key-auth
        config:
          key: alice-backup-key

Synchronize the configuration to API7 Enterprise:

adc sync -f adc-consumer.yaml

Ingress Controller

Ingress Controller currently does not support credentials and anonymous consumer.

Validate

See enable key authentication for APIs for instruction, and enable the Key Auth Plugin on the service level.

Then follow validate key authentication instruction.

Configure Basic Authentication Credentials

Dashboard

1. Select Consumers of your gateway group from the side navigation bar.
2. Click Add Consumer.
3. From the dialog box, do the following:

• In the Name field, enter Alice.
• Click Add.

4. Under the Credentials tab, click Basic Authentication tab, then click Add Basic Authentication Credential.
5. From the dialog box, do the following:

• In the Name field, enter primary-basic.
• In the Username field, enter alice.
• In the Password field, choose Manually Input, then enter alice-password.
  • If you want to choose Reference from Secret Provider, see Reference Secrets in HashiCorp Vault or Reference Secrets in AWS Secrets Manager.
• Click Add.

6. Try again to add another Basic Authentication Credential named backup-basic with username alice-backup and password alice-backup-password. All credentials are valid and can be used interchangeably for API authentication.

ADC

Coming Soon.

Ingress Controller

Ingress Controller currently does not support credentials and anonymous consumer.

Validate

See enable basic authentication for APIs for instruction, and enable the Key Auth Plugin on the service level.

Then follow validate basic authentication instruction.

Configure Varied Authentication Credentials

While consumers can have multiple credentials of different types, each route in a published service should be configured with only one authentication plugin. This allows consumers to access multiple routes using their preferred authentication methods.

Below is an interactive demo that provides a hands-on introduction to configuring various authentication credentials using API7 Enterprise.

Dashboard

1. Select Consumers of your gateway group from the side navigation bar.
2. Click + Add Consumer.
3. In the dialog box, do the following:

• In the Name field, enter John.
• Click Add.

4. Under the Credentials tab, click Add Key Authentication Credential.
5. In the dialog box, do the following:

• In the Name field, enter key-auth.
• In the Key field, choose Manually Input, then enter john-key-auth.
• Click Add.

6. Under the Credentials tab, select Basic Authentication and click Add Basic Authentication Credential.
7. In the dialog box, do the following:

• In the Name field, enter basic-auth.
• In the Username field, enter john.
• In the Password field, choose Manually Input, then enter john-password.
• Click Add.

8. Under the Credentials tab, select JWT and click Add JWT Credential.
9. In the dialog box, do the following:

• In the Name field, enter jwt-auth.
• In the Key field, enter john-jwt-key.
• In the Algorithm field, select RS256.
• In the Public Key field, choose Manually Input, then enter your public key.
• Click Add.

10. Under the Credentials tab, select HMAC Authentication and click Add HMAC Authentication Credential.
11. In the dialog box, do the following:

• In the Name field, enter hmac-auth.
• In the Key ID field, enter john-key.
• In the Secret Key field, choose Manually Input, then enter john-hmac-key.
• Click Add.

ADC

Coming Soon.

Ingress Controller

Ingress Controller currently does not support credentials and anonymous consumer.

Additional Resources

• Key Concepts
  • Services
  • Routes
  • Plugins
  • Consumers
• API Security
  • Set up API authentication
• API Consumption
  • Apply list-based access control
• Plugin Hub
  • Key Authentication
  • Basic Authentication
  • JWT Auth Plugin
  • HMAC Auth Plugin