
Version: 3.2.9.5

Set up API Authentication

For security reasons, API7 Enterprise should authenticate and authorize consumers before they access internal resources. API7 Enterprise has a flexible plugin extension system and a number of plugins for user authentication and authorization are provided. For example:

This guide walks you through how to enable key authentication for a service and a route.

Prerequisites

  1. Obtain a user account with Super Admin or API Provider role.
  2. Publish a service.

Set Up Key Authentication for a Service

If you want to enable key authentication for all existing and future routes of a service, enable the key-auth plugin at the service level. This prevents enabling additional authentication plugins at the route level.

Since plugin configurations are not considered Runtime Configurations, you should modify them in the service template and then publish a new version to the gateway group.

  1. Select Services from the side navigation bar and then select Swagger Petstore.
  2. Select Plugins from the side navigation bar.
  3. In the Plugins field, search for the key-auth plugin.
  4. Click the Plus icon (+).
  5. Click Enable.
  6. Select Services from the side navigation bar and then click Publish New Version for the Swagger Petstore service.
  7. Choose the Test Group gateway group and then click Next.
  8. From the dialog box, do the following:
    • In the New Version field, enter 1.0.1.
    • Leave the nodes unchanged and then click Publish.

Set Up Key Authentication for a Route

If you want to enable key authentication for a route, enable the key-auth plugin at the route level. This prevents enabling plugins at the service level.

Since plugin configurations are not considered Runtime Configurations, you should modify them in the service template and then publish a new version to the gateway group.

  1. Select Services from the side navigation bar and then select Swagger Petstore.
  2. Select Routes from the side navigation bar and then select getPetById.
  3. In the Plugins field, search for the key-auth plugin.
  4. Click the Plus icon (+).
  5. Click Enable.
  6. Select Services from the side navigation bar and then click Publish New Version for the Swagger Petstore service.
  7. Choose the Test Group gateway group and then click Next.
  8. From the dialog box, do the following:
    • In the New Version field, enter 1.0.1.
    • Leave the nodes unchanged and then click Publish.

Validate

Authentication should be set up both on the service and on the Consumers.

Add a Consumer

  1. Select Consumers from the side navigation bar and then click Add Consumer.
  2. In the Gateway Group field, choose Test Group, and in the Name field enter Alice.
  3. Click Add.

Enable Key Authentication for the Consumer

  1. Select Consumers from the side navigation bar and then select Alice.

  2. In the Plugins field, search for the key-auth plugin.

  3. Click the Plus icon (+) and a dialog box appears.

  4. Apply the following configuration to the JSON Editor:

    {
      "key": "secret-key"
    }

  5. Click Enable.

Send a Request without a Key

curl -i "http://127.0.0.1:9080/pet/1"  

Since the key is not provided, you will receive an HTTP/1.1 401 Unauthorized response.

HTTP/1.1 401 Unauthorized
Date: Fri, 01 Sep 2023 03:06:51 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/dev

{"message":"Missing API key found in request"}

Send a Request with a Wrong Key

curl -i "http://127.0.0.1:9080/pet/1" -H "apikey: wrongkey"

HTTP/1.1 401 Unauthorized
Date: Fri, 01 Sep 2023 03:08:00 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/dev

{"message":"Invalid API key in request"}

Send a Request with a Correct Key

curl -i "http://127.0.0.1:9080/pet/1" -H "apikey: secret-key"

HTTP/1.1 200 OK
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 119
X-RateLimit-Reset: 1693537822

{
  "name": "Dog",
  "photoUrls": [
    "https://example.com/dog-1.jpg",
    "https://example.com/dog-2.jpg"
  ],
  "id": 1,
  "category": {
    "id": 1,
    "name": "pets"
  },
  "tags": [
    {
      "id": 1,
      "name": "friendly"
    },
    {
      "id": 2,
      "name": "smart"
    }
  ],
  "status": "available"
}
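
The three requests above can be turned into a repeatable check to run after each Publish New Version. The script below is an added example, not part of the API7 documentation; the function names and the GATEWAY_URL and API_KEY environment variables are assumptions, and the key is read from the environment so it stays out of the script.

```shell
#!/bin/sh
# Added example: repeatable form of the three Validate requests.
# GATEWAY_URL and API_KEY are assumed variable names, not API7 settings.

# Print only the HTTP status code; extra arguments are passed to curl.
http_status() {
    url=$1; shift
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$@" "$url"
}

# Compare an observed status code with the expected one and report it.
expect_status() {
    label=$1; want=$2; got=$3
    if [ "$got" = "$want" ]; then
        echo "PASS  $label: $got"
        return 0
    fi
    echo "FAIL  $label: expected $want, got $got"
    return 1
}

# Run all three checks so one failure does not hide another.
# A 200 on the first two means key-auth is not being enforced.
verify_key_auth() {
    url=$1; key=$2; failed=0
    expect_status "no key" 401 "$(http_status "$url")" || failed=1
    expect_status "wrong key" 401 \
        "$(http_status "$url" -H "apikey: wrongkey")" || failed=1
    expect_status "correct key" 200 \
        "$(http_status "$url" -H "apikey: $key")" || failed=1
    return "$failed"
}

# Runs only when both variables are set, for example in a post-publish job:
#   GATEWAY_URL=http://127.0.0.1:9080/pet/1 API_KEY=... sh check.sh
if [ -n "${GATEWAY_URL:-}" ] && [ -n "${API_KEY:-}" ]; then
    verify_key_auth "$GATEWAY_URL" "$API_KEY" || exit 1
fi
```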
