key-auth
The key-auth
plugin supports the use of an authentication key as a mechanism for clients to authenticate themselves before accessing upstream resources.
To use the plugin, you would configure authentication keys on consumers and enable the plugin on routes or services. The key can be included in the request URL query string or request header. APISIX will then verify the key to determine if a request should be allowed or denied to access upstream resources.
When a consumer is successfully authenticated, APISIX adds additional headers, such as X-Consumer-Username
, X-Credential-Identifier
, and other consumer custom headers if configured, to the request, before proxying it to the upstream service. The upstream service will be able to differentiate between consumers and implement additional logics as needed. If any of these values is not available, the corresponding header will not be added.
Examples
The examples below demonstrate how you can work with the key-auth
plugin for different scenarios.