Consumer Key Auth Credential creation in Kong Connect

Hello, using the kong connect management api, how can i create a Key Auth Credential for a consumer?

Somebody can help me on this?

Hello -

This can be found within Runtime Manager. Runtime Manager → Runtime Group → Consumers. After creating a consumer, go to Credentials and select key auth. Then you can generate a key auth credential (define it yourself, or have Konnect generate it)

Then you’ll want to enable the Key Auth plugin (and probably an ACL plugin if approproriate) on your Runtime Group / Service / or Route.

Thanks I appreciate your answer but I’m looking instead to do that in the screen, achieve that through API in Konnect.

Thanks

Something like this if you’re using deck:

_format_version: "3.0"
_konnect:
  runtime_group_name: production-blue
consumers:
- acls:
  - group: 3c0cd06f-af71-4b4a-99ef-74044a9dcfdf
  custom_id: my-ios-application
  keyauth_credentials:
  - key: ZXELXKXyejKIfYy1uFZQtcZ6CmbNl8Vk
  - key: 2k877h394L1PMZ4iofym5K6HfA6THLsl
  username: rossk

Via direct API, you’d be using the Runtime Groups Config API (Developer Portal) with the Consumer Object type (Admin API - v3.3.x | Kong Docs)

Great, which one will be the BaseUrl for Konnect? Because in the documentation point to the gateway and the port 8001and the dataplate do not have that port open and from outside that port and url is not accesible.

Thanks Ross for your time

Konnect Runtime Configuration API | Kong Docs should have more info for you. The base url will be:

Where runtime_group_id is the unique ID of the runtime group you want to use.

1 Like

Hello,
I’m also using Kong Konnect API to issue keys for consumers.

It seems key auth credential endpoint is not mentioned in neither linked doc above nor the latest doc.

But, found out from deck source code, API endpoint is /v2/control-planes/{control-plane-id}/core-entities/consumers/{consumer-id-or-name}/key-auth/{key-id-or-name}

However, when passing key (instead of key id), API returns 404 not found error.
When using Admin API, using key is allowed. Is it expected behaviour of Kong Konnect API?
I’d expected Kong Konnect (core entities) API is full compatible with Admin API but the reality is not.

First one - getting key by id succeeds
Second one - getting key by name fails

Konnect Gateway Control Plane API is nearly identical with the on-prem Admin API, but there are still a few edge cases. This is one of them and is on the engineering roadmap to support. In the meantime, you can use the consumer-id / key-id for direct access of those objects.

1 Like

I see,
Thank you so much for the clarifying.