代码拉取完成,页面将自动刷新
| title | keywords | description | ||||
|---|---|---|---|---|---|---|
key-auth |
|
This document contains information about the Apache APISIX key-auth Plugin. |
The key-auth Plugin is used to add an authentication key (API key) to a Route or a Service.
This works well with a Consumer. Consumers of the API can then add their key to the query string or the header to authenticate their requests.
For Consumer:
| Name | Type | Requirement | Description |
|---|---|---|---|
| key | string | required | Unique key for a Consumer. |
For Route:
| Name | Type | Requirement | Default | Valid | Description |
|---|---|---|---|---|---|
| header | string | optional | apikey | The header to get the key from. | |
| query | string | optional | apikey | The query string to get the key from. Lower priority than header. | |
| hide_credentials | bool | optional | false | Apache APISIX will pass the request header or query string that contains the authentication information to the Upstream if hide_credentials is false. Otherwise the authentication information will be removed before proxying. |
To enable the Plugin, you have to create a Consumer object with an authentication key and configure your Route to authenticate requests.
First you can create a Consumer object through the Admin API with a unique key:
curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "jack",
"plugins": {
"key-auth": {
"key": "auth-one"
}
}
}'
You can also use the APISIX Dashboard to complete the operation through a web UI.
First, create a Consumer object:
You can then add the key-auth Plugin:
Once you have created a Consumer object, you can then configure a Route or a Service to authenticate requests:
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["GET"],
"uri": "/index.html",
"id": 1,
"plugins": {
"key-auth": {}
},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'
To fetch the key from a different header than apikey, change the header in the configuration:
{
"key-auth": {
"header": "Authorization"
}
}
After you have configured the Plugin as mentioned above, you can make a request as shown:
curl http://127.0.0.2:9080/index.html -H 'apikey: auth-one' -i
HTTP/1.1 200 OK
...
And if the request has a missing key or a wrong key:
curl http://127.0.0.2:9080/index.html -i
HTTP/1.1 401 Unauthorized
...
{"message":"Missing API key found in request"}
curl http://127.0.0.2:9080/index.html -H 'apikey: abcabcabc' -i
HTTP/1.1 401 Unauthorized
...
{"message":"Invalid API key in request"}
To disable the key-auth Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/index.html",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。