Authentication based on upstream routes

Hey everyone,

New to Kong, so apologies if this is a noob question. I’m evaluating Kong as a possible solution for my company, and one feature we want out of this is to be able to manage our upstream service’s authentication based on the upstream route. This allows us to manage granular authentication for all of our services just using Kong, which is valuable for us since we have so many services that all need granular permissions BY ROUTE.

For example:

Say I have an upstream service with an upstream route like someapi.com/api/resource1 and another at someapi.com/api/resource2. We’d like to be able to restrict access for consumers based on these upstream routes. Like consumer1 should only be able to access the /resource1 route of the someapi service.

I initially hoped that I could solve this by mapping Kong’s routes one-to-one with my upstream routes with a prefix for each service: like externally we would hit kong.domain/someapi/health and that would proxy to someapi.com/health. Currently I can’t see a way to do that, so I’m hoping that someone might know if this is possible at all?

cheers

Take a look at the ACL plugin.
You can group your upstreams and grant access to a consumer to certain groups only.
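
A sketch of the ACL approach suggested above, applied to the routes in the question. This is an added example, not configuration posted by anyone in the thread. It assumes Kong 3.x declarative config and key-auth as the authentication plugin; the group names, consumer2 and the API keys are constructed placeholders.

```yaml
# Added example, Kong 3.x declarative config (kong.yml). Constructed values:
# group names, the API keys, and key-auth as the authentication plugin.
_format_version: "3.0"

services:
  # One Kong service per upstream resource, so each route can strip its
  # public prefix and still land on the right upstream path.
  - name: someapi-resource1
    url: http://someapi.com/api/resource1
    routes:
      - name: someapi-resource1
        paths:
          - /someapi/resource1
        strip_path: true
        plugins:
          - name: key-auth          # ACL needs an authenticated consumer
          - name: acl
            config:
              allow:
                - resource1-users
              hide_groups_header: true   # do not leak group names upstream
  - name: someapi-resource2
    url: http://someapi.com/api/resource2
    routes:
      - name: someapi-resource2
        paths:
          - /someapi/resource2
        strip_path: true
        plugins:
          - name: key-auth
          - name: acl
            config:
              allow:
                - resource2-users

consumers:
  - username: consumer1
    keyauth_credentials:
      - key: CONSTRUCTED-KEY-CONSUMER1
    acls:
      - group: resource1-users      # may call /someapi/resource1 only
  - username: consumer2
    keyauth_credentials:
      - key: CONSTRUCTED-KEY-CONSUMER2
    acls:
      - group: resource1-users
      - group: resource2-users
```

With this config, consumer1 is authenticated on /someapi/resource2 by key-auth but rejected by the ACL plugin with a 403. Any upstream path without a matching Kong route returns 404 at the gateway, so only the routes listed here are reachable through Kong.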