Adding key-auth to a consumer

Just working through the QuickStart and then some basic use cases, and I’m struggling to enable authentication on a Consumer. The docs imply that this is possible, but I can’t get it to work.

I’m calling

curl -X POST \{ServiceID}/plugins \
  -F name=key-auth

and getting this response:

    "message": "schema violation (consumer: value must be null)",
    "name": "schema violation",
    "fields": {
        "consumer": "value must be null"
    "code": 2

Should I be able to do this, and, if so, what am I missing?

Associate the plugin with a service - so replace "consumers’ in your url with services such as : curl -X POST{ServiceID}/plugins
-F name=key-auth

1 Like

Thank you!

I have already test that as well as adding the key-auth plugin to a route.

I guess you cannot associate the key-auth plugin with a consumer?

aah… ok! key-auth plugin is enabled at service/route level and can’t be enabled at consumer-level as far as i know. Once you enable key-auth plugin for service/route, consumers need to pass the configured key in their requests to authenticate themselves.

On a separate note, not sure if you were looking for generating credentials for a consumer - one of the credential methods allowed is API Keys: to create an API key for a consumer, use "curl -X POST http://<kong_ip>:8001/consumers/{consumer}/key-auth -d ‘’ " - if you don’t pass , kong should create one (recommended). This key then can then be passed as querysting/header in your requests to authenticate this particular consumer.

1 Like

Thank you. I’ve configured the key-auth on a service and a route, and generated a key for a consumer and been able to pass that in the request header.

Thanks for following-up - I’m just trying to explore and determine what the boundaries are versus what is my own ignorance. :grinning: