Credential
#
DescriptionCredential is the object that holds the Consumer credential configuration. A Consumer can use multiple credentials of different types. Credentials are used when you need to configure multiple credentials for a Consumer.
Currently, Credential can be configured with the authentication plugins basic-auth
, hmac-auth
, jwt-auth
, and key-auth
.
#
Configuration optionsThe fields for defining a Credential are defined as below.
Field | Required | Description |
---|---|---|
desc | False | Decriptiion of the Credential. |
labels | False | Labels of the Credential. |
plugins | False | The plugin configuration corresponding to Credential. For more information, see Plugins. |
note
For more information about the Credential object, you can refer to the Admin API Credential resource guide.
#
ExampleConsumer Example describes how to configure the auth plugin for Consumer and how to use it with other plugins. In this example, the Consumer has only one credential of type key-auth. Now suppose the user needs to configure multiple credentials for that Consumer, you can use Credential to support this.
note
You can fetch the admin_key
from config.yaml
and save to an environment variable with the following command:
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
Create the Consumer without specifying the auth plug-n, but use Credential to configure the auth plugin later.
curl http://127.0.0.1:9180/apisix/admin/consumers \
-H "X-API-KEY: $admin_key" -X PUT -d '
{
"username": "jack"
}'Create 2
key-auth
Credentials for the Consumer.curl http://127.0.0.1:9180/apisix/admin/consumers/jack/key-auth-one \
-H "X-API-KEY: $admin_key" -X PUT -d '
{
"plugins": {
"key-auth": {
"key": "auth-one"
}
}
}'curl http://127.0.0.1:9180/apisix/admin/consumers/jack/key-auth-two \
-H "X-API-KEY: $admin_key" -X PUT -d '
{
"plugins": {
"key-auth": {
"key": "auth-two"
}
}
}'Create a route and enable
key-auth
plugin on it.curl http://127.0.0.1:9180/apisix/admin/routes/1 \
-H "X-API-KEY: $admin_key" -X PUT -d '
{
"plugins": {
"key-auth": {}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}'Test.
Test the request with the
auth-one
andauth-two
keys, and they both respond correctly.curl http://127.0.0.1:9080/hello -H 'apikey: auth-one' -I
curl http://127.0.0.1:9080/hello -H 'apikey: auth-two' -IEnable the
limit-count
plugin for the Consumer.curl http://127.0.0.1:9180/apisix/admin/consumers \
-H "X-API-KEY: $admin_key" -X PUT -d '
{
"username": "jack",
"plugins": {
"limit-count": {
"count": 2,
"time_window": 60,
"rejected_code": 503,
"key": "remote_addr"
}
}
}'Requesting the route more than 3 times in a row with each of the two keys, the test returns
503
and the request is restricted.