Can't figure out to make the route work

I am using Kong (open source) 3.4.0 running as docker container with DB

I have a backend (Nodejs) which has one entry point as “/”

I have created a service with a route that has a path as “/v1” with strip path and preserve host. This route uses a auth plugin which requires apikey in the header.

so anything that gets called from the client (“/v1/user”) need to authenticated and then the backend matches with “/user” route

I have another route on the backend with “/help” and I want this route to not be authenticated. So when a client calls (“/v1/help”) this route would not require the apikey in the header.

Is there a way to do this?

1 Like

@malfoy - Absolutely, you can apply plugin at route level instead of service level.

In UI, Goto Routes → Plugin → Add Plugin

Admin API: Admin API - v3.4.x | Kong Docs

Hi John, thanks for the reply.

As mentioned above I have added the auth plugin to a specific route.

I have an issue with the second half of the question. If you can help me with that it.

Thanks in advance.

@malfoy - I overlooked and I see the issue.

With just 1 service it seems not possible to do it. Since the strip path removes the complete path from URI and backend url does not get the URI, it’s unable to give correct response.

Probably a workaround, create two backend service (one with your /help) and associate individual routes to each one.

This is working for me.

Hi John,

Thanks a lot for the response. I tested the above method and it works as intended. So if I have to add any new routes that does not need to through an api key, should I use the newly created service ?

Also isn’t there a better way to do it? Or can the enterprise request-transformer-advance plugin can do it ?

@malfoy - I know :slight_smile: this is not the best way. Also, you cannot use this to add additional unauthenticated endpoints to same service, since your service now has URI appended to it. This wont scale well, if you have more endpoints.

You can possibly check for Request Transformer Plugin to replace the URI on the unauthenticated path. I haven’t explored much on it.

The right way is to remove only the prefix from the incoming URI and strip only (/v1) instead of whole URI before sending it to backend. I heard its on the works by Kong to support this.

@JohnWilliams I did try the request transformer plugin but nothing worked out. Maybe I was doing it wrong, no clue.

The backend service was receiving it weirdly.

Hopefully Kong releases a support soon. :grinning: