Manage Consumer Credentials
A consumer is an application or a developer who consumes the API. The authentication plugin enabled on a route locks down access, requiring consumers to obtain credentials to access the API.
Consumers are typically created after APIs are published, when developers apply for credentials. Creating a consumer requires a unique username. As part of the authentication configuration, you also add one of the authentication plugins from the list above to the consumer's plugin field.
In this tutorial, you will create a consumer with key authentication, and then use the key to access the API with key authentication.
Prerequisites
- Obtain a user account with the Super Admin or API Provider role.
- Publish a service.
- Set up API authentication.
Add a Consumer
Select Services from the side navigation bar and then click the target service.
Select Consumers from the side navigation bar and then click Add Consumer.
From the Add Consumer dialog box, do the following:
- In the Gateway Group field, choose Test Group.
- In the Name field, enter Alice.
Click Add.
Enable Key Authentication for the Consumer
Select Consumers from the side navigation bar and then select Alice.
In the Plugins field, search for the key-auth plugin.
Click the Plus icon (+) and a dialog box appears.
Apply the following configurations:
{
  "key": "secret-key"
}
Click Enable.
Validate
Send a Request without a Key
curl -i "http://127.0.0.1:9080/pet/1"
You should see the following output:
HTTP/1.1 401 Unauthorized
Date: Fri, 01 Sep 2023 03:06:51 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/dev

{"message":"Missing API key found in request"}
Send a Request with a Wrong Key
curl -i "http://127.0.0.1:9080/pet/1" -H "apikey: wrongkey"
You should see the following output:
HTTP/1.1 401 Unauthorized
Date: Fri, 01 Sep 2023 03:08:00 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/dev

{"message":"Invalid API key in request"}
Send a Request with a Correct Key
curl -i "http://127.0.0.1:9080/pet/1" -H "apikey: secret-key"
You should see the following output:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 323
Connection: keep-alive
Date: Fri, 01 Sep 2023 03:09:22 GMT
x-srv-trace: v=1;t=ada7cefb43c4848d
x-srv-span: v=1;s=4221c976c3e1b0fe
Access-Control-Allow-Origin: *
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 119
X-RateLimit-Reset: 1693537822
ETag: W/"143-JIrwO+Sx1/7FTTpJ2ljwAfgaRCY"
Vary: Accept-Encoding
Server: APISIX/dev

{
  "name": "Dog",
  "photoUrls": [
    "https://example.com/dog-1.jpg",
    "https://example.com/dog-2.jpg"
  ],
  "id": 1,
  "category": {
    "id": 1,
    "name": "pets"
  },
  "tags": [
    {
      "id": 1,
      "name": "friendly"
    },
    {
      "id": 2,
      "name": "smart"
    }
  ],
  "status": "available"
}
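The three validation requests above can be run as one repeatable check, so a route that silently loses its authentication plugin is caught. This is an added example, not code from the product documentation: the function names are hypothetical, and the use of a random key in place of the tutorial's literal secret-key is a suggestion of this example.

```python
import json
import secrets
import urllib.error
import urllib.request


def new_key_auth_config(nbytes=32):
    """Build a key-auth config with a random key instead of a guessable literal."""
    return {"key": secrets.token_urlsafe(nbytes)}


def http_send(url, headers):
    """Send a GET and return (status, body); 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_key_auth(url, good_key, send=http_send):
    """Run the tutorial's three requests and return a list of failed expectations."""
    cases = [
        ("no key", {}, 401),
        ("wrong key", {"apikey": good_key + "x"}, 401),
        ("correct key", {"apikey": good_key}, 200),
    ]
    failures = []
    for name, headers, expected in cases:
        status, body = send(url, headers)
        if status != expected:
            failures.append(f"{name}: expected {expected}, got {status}")
        # A rejection should not echo the submitted key back (it ends up in logs).
        key = headers.get("apikey")
        if expected == 401 and key and key in body:
            failures.append(f"{name}: submitted key echoed in response body")
    return failures


if __name__ == "__main__":
    # URL and key are the tutorial's own values.
    problems = check_key_auth("http://127.0.0.1:9080/pet/1", "secret-key")
    print("\n".join(problems) or "key-auth enforced on the route")
    print("replacement config:", json.dumps(new_key_auth_config()))
```

An empty list from check_key_auth means the route rejected both unauthenticated requests and accepted the valid key.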