Manage Consumer Credentials
A consumer is an application or a developer that consumes your API. Enabling authentication on a service allows you to control access, requiring consumers to obtain the credentials before accessing the APIs.
Authentication plugins enabled on services act as locks on your APIs, while consumer credentials serve as the keys to unlock them. In API7 Enterprise, you need a unique username and at least one credential to set up a consumer.
Consumers can use multiple credentials of different types; all are treated equally for authentication purposes.
This tutorial guides you in creating a consumer and configuring authentication credentials.
Prerequisites
Configure Key Authentication Credentials
Dashboard:
- Select Consumers of your gateway group from the side navigation bar.
- Click + Add Consumer.
- In the dialog box, do the following:
  - In the Name field, enter Alice.
  - Click Add.
- Under the Credentials tab, click + Add Key Authentication Credential.
- In the dialog box, do the following:
  - In the Name field, enter primary-key.
  - In the Key field, choose Manually Input, then enter alice-primary-key.
    - If you want to choose Reference from Secret Provider, see Reference Secrets in HashiCorp Vault or Reference Secrets in AWS Secrets Manager.
  - Click Add.
- Repeat these steps to add another Key Authentication Credential named backup-key with key alice-backup-key.
All credentials are valid and can be used interchangeably for API authentication.
ADC:
Create adc-consumer.yaml with the following configuration:
    consumers:
      - username: Alice
        credentials:
          - name: primary-key
            type: key-auth
            config:
              key: alice-primary-key
          - name: backup-key
            type: key-auth
            config:
              key: alice-backup-key
Synchronize the configuration to API7 Enterprise:
    adc sync -f adc-consumer.yaml
Ingress Controller:
The Ingress Controller currently does not support credentials or anonymous consumers.
Validate
See Enable Key Authentication for APIs for instructions, and enable the Key Auth Plugin at the service level.
Then follow the Validate Key Authentication instructions.
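The key values used in this tutorial are readable samples. As an added example (not part of the API7 documentation or tooling), the script below checks an ADC consumer file for guessable key-auth keys before it is synchronized; the 32-character minimum and the function name `lint_adc_keys` are assumptions, and the parser expects the simple layout shown above.

```shell
#!/bin/sh
# Added example (not API7 code): flag guessable key-auth keys in an ADC
# consumer file. Assumes the flat layout shown on this page, with one
# "username:", "name:", "type:" or "key:" entry per line.

MIN_LEN=32   # assumed local policy threshold, not an API7 requirement

# lint_adc_keys FILE: print one WEAK line per finding; exit status 1 if any.
lint_adc_keys() {
  awk -v min="$MIN_LEN" '
    function val(s) {                 # text after "field:", quotes removed
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+$/, "", s); gsub(/"/, "", s)
      return s
    }
    function report(msg) { print "WEAK " msg; bad = 1 }
    { line = $0; sub(/^[ \t-]+/, "", line) }   # drop indent and list dash
    line ~ /^username:/ { user = tolower(val(line)) }
    line ~ /^name:/     { cred = val(line) }
    line ~ /^type:/     { type = val(line) }
    line ~ /^key:/ && type == "key-auth" {
      k = val(line)
      if (length(k) < min)
        report(cred ": key shorter than " min " characters")
      if (user != "" && index(tolower(k), user) > 0)
        report(cred ": key contains the consumer username")
      if (k in seen) { report(cred ": key is also used by " seen[k]) }
      else { seen[k] = cred }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample: the tutorial values from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
consumers:
  - username: Alice
    credentials:
      - name: primary-key
        type: key-auth
        config:
          key: alice-primary-key
      - name: backup-key
        type: key-auth
        config:
          key: alice-backup-key
EOF
lint_adc_keys "$sample" || echo "replace the flagged keys before running adc sync"
rm -f "$sample"
```

Run against the sample file, both credentials are reported as too short and as containing the consumer name, so the function can gate `adc sync -f adc-consumer.yaml` in a pipeline.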
Configure Basic Authentication Credentials
Dashboard:
- Select Consumers of your gateway group from the side navigation bar.
- Click Add Consumer.
- From the dialog box, do the following:
  - In the Name field, enter Alice.
  - Click Add.
- Under the Credentials tab, click the Basic Authentication tab, then click Add Basic Authentication Credential.
- From the dialog box, do the following:
  - In the Name field, enter primary-basic.
  - In the Username field, enter alice.
  - In the Password field, choose Manually Input, then enter alice-password.
    - If you want to choose Reference from Secret Provider, see Reference Secrets in HashiCorp Vault or Reference Secrets in AWS Secrets Manager.
  - Click Add.
- Repeat these steps to add another Basic Authentication Credential named backup-basic with username alice-backup and password alice-backup-password.
All credentials are valid and can be used interchangeably for API authentication.
ADC:
Coming Soon.
Ingress Controller:
The Ingress Controller currently does not support credentials or anonymous consumers.
Validate
See Enable Basic Authentication for APIs for instructions, and enable the Basic Auth Plugin at the service level.
Then follow the Validate Basic Authentication instructions.
Configure Varied Authentication Credentials
While consumers can have multiple credentials of different types, each route in a published service should be configured with only one authentication plugin. This allows consumers to access multiple routes using their preferred authentication methods.
Dashboard:
- Select Consumers of your gateway group from the side navigation bar.
- Click + Add Consumer.
- In the dialog box, do the following:
  - In the Name field, enter John.
  - Click Add.
- Under the Credentials tab, click Add Key Authentication Credential.
- In the dialog box, do the following:
  - In the Name field, enter key-auth.
  - In the Key field, choose Manually Input, then enter john-key-auth.
  - Click Add.
- Under the Credentials tab, select Basic Authentication and click Add Basic Authentication Credential.
- In the dialog box, do the following:
  - In the Name field, enter basic-auth.
  - In the Username field, enter john.
  - In the Password field, choose Manually Input, then enter john-password.
  - Click Add.
- Under the Credentials tab, select JWT and click Add JWT Credential.
- In the dialog box, do the following:
  - In the Name field, enter jwt-auth.
  - In the Key field, enter john-jwt-key.
  - In the Algorithm field, select RS256.
  - In the Public Key field, choose Manually Input, then enter your public key.
  - Click Add.
- Under the Credentials tab, select HMAC Authentication and click Add HMAC Authentication Credential.
- In the dialog box, do the following:
  - In the Name field, enter hmac-auth.
  - In the Key ID field, enter john-key.
  - In the Secret Key field, choose Manually Input, then enter john-hmac-key.
  - Click Add.
ADC:
Coming Soon.
Ingress Controller:
The Ingress Controller currently does not support credentials or anonymous consumers.
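The JWT step above asks for a public key to go with the RS256 algorithm. As an added example (not from the API7 documentation), one way to create that RSA key pair with openssl and to confirm a public key's size before pasting it into the Public Key field; the file names, function names and the 2048-bit size are assumptions.

```shell
#!/bin/sh
# Added example (not API7 code): create the RSA key pair behind an RS256 JWT
# credential. Only the public half goes into the Public Key field; the
# private half stays with whoever signs the tokens.

# make_jwt_keypair DIR: writes DIR/jwt-private.pem and DIR/jwt-public.pem
# (assumed file names), prints the public key path, non-zero on failure.
make_jwt_keypair() {
  priv="$1/jwt-private.pem"
  pub="$1/jwt-public.pem"
  (
    umask 077                       # private key readable by its owner only
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$priv" 2>/dev/null
  ) || return 1
  openssl pkey -in "$priv" -pubout -out "$pub" 2>/dev/null || return 1
  printf '%s\n' "$pub"
}

# jwt_pubkey_bits FILE: print the key size of a PEM public key, so a key
# supplied by someone else can be checked before it is registered.
jwt_pubkey_bits() {
  openssl pkey -pubin -in "$1" -noout -text 2>/dev/null |
    sed -n '1s/.*(\([0-9][0-9]*\) bit.*/\1/p'
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
if pubfile=$(make_jwt_keypair "$tmp"); then
  echo "public key: $pubfile ($(jwt_pubkey_bits "$pubfile") bits)"
  cat "$pubfile"                    # this PEM text is what gets pasted
fi
rm -rf "$tmp"
```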
Additional Resources
- Key Concepts
- API Security
- API Consumption
- Plugin Hub