Creating Key Authentication for Kong API Gateway

Continuing from my previous post, Installation and Configuration of Kong, we'll now proceed to create key authentication (key-auth) for accessing APIs on the Kong gateway.

Before we proceed, there are some key terms in Kong that you should be familiar with:

Plugin: A plugin is an additional program that adds functionality to Kong.
Service: This defines an upstream API service or microservice.
Route: Routes configure the URLs that Kong exposes and that point to upstream services.
Upstream service: The API server service that the Kong gateway will pass requests to.

Alright, before we move forward, I'll be using httpie as a tool to access the Kong admin endpoints.

Step 1: Create Consumers

To create a key, we first need to create consumers.

$ http :8001/consumers username=HDR

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 105
Content-Type: application/json; charset=utf-8
Date: Sat, 24 Nov 2018 02:02:05 GMT
Server: kong/0.14.1

{
    "created_at": 1543024925,
    "custom_id": null,
    "id": "a475a0a7-9fe8-49d2-9886-8bc48c0a8e98",
    "username": "HDR"
}

Step 2: Create a Key

There are two ways to create a key: it can either be automatically generated by Kong, or we can define it ourselves. If you're creating a key for the first time, it's recommended to generate it automatically. However, if you're migrating or cloning your server, you might want to define the key yourself to match the previous setup. Before creating the key, retrieve the ID or username of the consumer you created earlier and place it in the URL after /consumers/.

$ http post :8001/consumers/{id or username consumers}/key-auth

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 167
Content-Type: application/json; charset=utf-8
Date: Sat, 24 Nov 2018 01:25:38 GMT
Server: kong/0.14.1

{
    "consumer_id": "a475a0a7-9fe8-49d2-9886-8bc48c0a8e98",
    "created_at": 1543022783000,
    "id": "0fbed2fd-3f74-4ee2-941a-59754665d459",
    "key": "hzwtr9oJwfgO0VSCrZJ6zzkvV6q8S7Ze"
}

Step 3: Add the Plugin

$ http :8001/plugins name=key-auth config.key_names=apikey

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 224
Content-Type: application/json; charset=utf-8
Date: Sat, 24 Nov 2018 01:29:32 GMT
Server: kong/0.14.1

{
    "config": {
        "anonymous": "",
        "hide_credentials": false,
        "key_in_body": false,
        "key_names": [
            "apikey"
        ],
        "run_on_preflight": true
    },
    "created_at": 1543022972000,
    "enabled": true,
    "id": "7216fbfc-7e38-4368-bf9a-19b21559aae7",
    "name": "key-auth"
}

If we don't include a service_id or route_id, the key-auth plugin is applied globally, meaning every API request through the gateway will require a valid key.

Step 4: Use the API Key

We can send the key in a request header:

$ http :8000/v1/example-url apikey:hzwtr9oJwfgO0VSCrZJ6zzkvV6q8S7Ze

Or as a query string parameter:

$ http 'http://localhost:8000/v1/example-url?apikey=hzwtr9oJwfgO0VSCrZJ6zzkvV6q8S7Ze'
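
An added example, not from the original post or from Kong: a small Python check that reviews the Step 3 plugin response for settings worth a second look, and masks the key in the Step 4 query-string URL before it is written to a log. The function names `audit_key_auth` and `redact_key`, the finding texts and the `EXAMPLEKEY` value are made up for this illustration; the field names follow the 0.14.1 response shown above.

```python
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Step 3 response body from the post (Kong 0.14.1), trimmed to the fields used here.
PLUGIN_JSON = """
{
  "config": {"anonymous": "", "hide_credentials": false, "key_in_body": false,
             "key_names": ["apikey"], "run_on_preflight": true},
  "enabled": true,
  "name": "key-auth"
}
"""

def audit_key_auth(plugin):
    """Return a list of review findings for one key-auth plugin object."""
    cfg = plugin.get("config", {})
    findings = []
    if not plugin.get("enabled", True):
        findings.append("disabled: plugin exists but is not enforcing keys")
    # Assumption: scope fields are named service_id / route_id, as in the post.
    if not plugin.get("service_id") and not plugin.get("route_id"):
        findings.append("global: no service_id/route_id, applies to every request")
    if not cfg.get("hide_credentials"):
        findings.append("hide_credentials=false: key is forwarded to the upstream")
    if cfg.get("key_in_body"):
        findings.append("key_in_body=true: key is also accepted in the request body")
    if cfg.get("anonymous"):
        findings.append("anonymous set: failed auth falls back to that consumer")
    return findings

def redact_key(url, key_names):
    """Mask key-auth query parameters before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in key_names else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

if __name__ == "__main__":
    plugin = json.loads(PLUGIN_JSON)
    for finding in audit_key_auth(plugin):
        print("-", finding)
    # Step 4 query-string form, with a constructed key value.
    print(redact_key("http://localhost:8000/v1/example-url?apikey=EXAMPLEKEY",
                     plugin["config"]["key_names"]))
```

The same function can be run over each entry returned by the admin API's plugin list to review every key-auth instance at once.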

Additional

If we want to see the list of created keys

$ http :8001/key-auths

If we want to see the list of created consumers

$ http :8001/consumers

If we want to delete a created key

$ http delete :8001/consumers/{id or username consumers}/key-auth/{id key-auth}

That’s it, see ya~