Parameters
See plugin common configurations for configuration options available to all plugins.
Credentials
The following are plugin attributes available for configurations on credentials.
key_id
string
required
Unique identifier for the consumer, which identifies the associated configurations such as the secret key.
secret_key
string
required
Secret key used to generate an HMAC.
The key is encrypted with AES before saving to etcd. You can also keep it in a secret manager, such as HashiCorp Vault's KV secrets engine. See secrets for more details.
Routes or Services
The following are plugin attributes available for configurations on routes or services.
allowed_algorithms
array[string]
default:
["hmac-sha1", "hmac-sha256", "hmac-sha512"]
The list of HMAC algorithms allowed.
clock_skew
integer
default:
300
valid values:
greater than or equal to 1
Maximum allowable time difference in seconds between the client request's timestamp and APISIX server's current time. This helps account for discrepancies in time synchronization between the client's and server's clocks and protects against replay attacks. The timestamp in the Date header (must be in GMT format) will be used for the calculation.
signed_headers
array[string]
The list of HMAC-signed headers that should be included in the client request's HMAC signature.
validate_request_body
boolean
If true, validate the integrity of the request body to ensure it has not been tampered with during transmission. Specifically, the plugin creates a SHA-256 base64-encoded digest and compares it to the Digest header. If the Digest header is missing or if the digests do not match, the validation fails.
hide_credentials
boolean
default:
false
If true, do not pass the authorization request header to upstream services.
anonymous_consumer
string
Anonymous consumer name (Enterprise feature). If configured, allow anonymous users to bypass the authentication. See Rate Limit with Anonymous Consumer for more details.
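The clock_skew and validate_request_body checks described above, sketched in Python as an added example (not APISIX's own code). The function names and the SHA-256= prefix on the Digest value are assumptions not taken from this page, and the sample date and body are constructed.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

DIGEST_PREFIX = "SHA-256="  # assumed header value layout; not stated on this page


def within_clock_skew(date_header, now, clock_skew=300):
    """True if the Date header is within clock_skew seconds of now."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False  # unparseable Date header
    if sent.tzinfo is None:
        return False  # no usable zone, so not a GMT timestamp
    # Reject stale (possibly replayed) and far-future timestamps alike.
    return abs((now - sent).total_seconds()) <= clock_skew


def body_digest_ok(body, digest_header):
    """True if digest_header carries the base64 SHA-256 digest of body."""
    if not digest_header or not digest_header.startswith(DIGEST_PREFIX):
        return False  # a missing Digest header fails validation
    expected = base64.b64encode(hashlib.sha256(body).digest())
    claimed = digest_header[len(DIGEST_PREFIX):].encode()
    # Constant-time comparison of the two base64 encodings.
    return hmac.compare_digest(expected, claimed)


if __name__ == "__main__":
    now = datetime(2025, 1, 6, 10, 4, 0, tzinfo=timezone.utc)  # constructed clock
    body = b'{"amount": 10}'  # constructed request body
    good = DIGEST_PREFIX + base64.b64encode(hashlib.sha256(body).digest()).decode()
    # 240 s old: inside the default 300 s window.
    print(within_clock_skew("Mon, 06 Jan 2025 10:00:00 GMT", now))
    # 840 s old: outside the window, treated as a possible replay.
    print(within_clock_skew("Mon, 06 Jan 2025 09:50:00 GMT", now))
    # Body matches the digest the client sent.
    print(body_digest_ok(body, good))
    # Body altered in transit no longer matches.
    print(body_digest_ok(b'{"amount": 1000}', good))
```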