API Key Management?

Hey there, I was wondering if anyone knew whether or not Kong API Gateway provided API Key Management (Creating/Revoking/Assigning To Services, etc.)

it seems like https://www.3scale.net/ and Tyk both do this, I think…

I was hoping that Kong did as well. Hoping to not have to roll my own solution.

Thank you!

Key auth? https://docs.konghq.com/hub/kong-inc/key-auth/ not a pattern I would personally recommend, I would go with a TTL driven token that changes like oauth2 client creds or JWT).

The Key in Kong isnt necessarily assigned to the proxy per say but consumers, you can then create a consumer with acl access to 1 proxy and give out those creds to apps that need it as the “proxies” access. But I would recommend a flow where your different consuming apps each get their own “key” to call the service otherwise you lose granularity in logs and run into noisy neighbor effects.