Adding key-auth to a consumer

Questions
1

Just working through the QuickStart and then some basic use cases, and I’m struggling to enable authentication on a Consumer. The docs imply that this is possible, but I can’t get it to work.

I’m calling

curl -X POST \
  http://127.0.0.1:8001/consumers/{ServiceID}/plugins \
  -F name=key-auth

and getting this response:

{
    "message": "schema violation (consumer: value must be null)",
    "name": "schema violation",
    "fields": {
        "consumer": "value must be null"
    },
    "code": 2
}

Should I be able to do this, and, if so, what am I missing?

2

Associate the plugin with a service - so replace "consumers’ in your url with services such as : curl -X POST
http://127.0.0.1:8001/services/{ServiceID}/plugins
-F name=key-auth

1 Like
3

Thank you!

I have already test that as well as adding the key-auth plugin to a route.

I guess you cannot associate the key-auth plugin with a consumer?

4

aah… ok! key-auth plugin is enabled at service/route level and can’t be enabled at consumer-level as far as i know. Once you enable key-auth plugin for service/route, consumers need to pass the configured key in their requests to authenticate themselves.

On a separate note, not sure if you were looking for generating credentials for a consumer - one of the credential methods allowed is API Keys: to create an API key for a consumer, use "curl -X POST http://<kong_ip>:8001/consumers/{consumer}/key-auth -d ‘’ " - if you don’t pass , kong should create one (recommended). This key then can then be passed as querysting/header in your requests to authenticate this particular consumer.

1 Like
5

Thank you. I’ve configured the key-auth on a service and a route, and generated a key for a consumer and been able to pass that in the request header.

Thanks for following-up - I’m just trying to explore and determine what the boundaries are versus what is my own ignorance. :grinning: