API authentication in Kong
As we mentioned, an API gateway should take care of authentication for the multiple APIs running behind the gateway. Many plugins are available to provide authentication on the fly in Kong. In the next chapter, we will see the authentication concept in detail. For now, using these plugins, we can add authentication for a given API by calling the Kong admin API.
API key-based authentication is becoming popular these days. Kong provides the following authentication patterns:
- API key-based authentication
- OAuth2 authentication
- JWT authentication
For the sake of simplicity, let us implement API key-based authentication. In simple words, key-based authentication allows an external client to consume the REST API with a unique token. To do that in Kong, enable the key authentication plugin first. To enable the plugin, make a POST request to the http://localhost:8001/apis/myapi/plugins URL with two things in the JSON body:
- The name is key-auth.
- config.hide_credentials is true.
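The request described above, written as a small shell helper around curl. This is an added example, not code from the original text: the function names and the DRY_RUN switch are assumptions made for illustration, while the admin URL, the API name myapi and the two body fields are the ones given above.

```sh
# Added example: enable key-auth on one API through the Kong admin API.
KONG_ADMIN="${KONG_ADMIN:-http://localhost:8001}"   # admin URL used in the text

# JSON body from the text: plugin name plus config.hide_credentials.
# hide_credentials=true asks Kong to strip the key before proxying upstream.
# Only the literals true/false are accepted, so nothing else reaches the JSON.
keyauth_body() {
  case "$1" in
    true|false) printf '{"name":"key-auth","config.hide_credentials":%s}' "$1" ;;
    *) echo "hide_credentials must be true or false" >&2; return 1 ;;
  esac
}

# Plugins collection URL for one API (the /apis/<name>/plugins path from the text).
# The name is restricted to a safe character set so it cannot alter the URL path.
plugins_url() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) echo "invalid API name" >&2; return 1 ;;
  esac
  printf '%s/apis/%s/plugins' "$KONG_ADMIN" "$1"
}

# POST the body and succeed only on a 2xx reply.
# DRY_RUN=1 (hypothetical switch) prints the request instead of sending it.
enable_key_auth() {
  _url="$(plugins_url "$1")" || return 1
  _body="$(keyauth_body true)" || return 1
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'POST %s\n%s\n' "$_url" "$_body"
    return 0
  fi
  _status="$(curl -s -o /dev/null -w '%{http_code}' -X POST "$_url" \
    -H 'Content-Type: application/json' -d "$_body")" || return 1
  case "$_status" in
    2??) echo "key-auth enabled on $1" ;;
    *) echo "Kong admin API returned HTTP $_status" >&2; return 1 ;;
  esac
}
```

Run `DRY_RUN=1 enable_key_auth myapi` to inspect the request, then `enable_key_auth myapi` against a running Kong instance.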
...