Enable authentication only at specific endpoint


#1

Can you give me example?

I have service service-alpha with Kong route : /alpha
Inside of service-alpha, there are two endpoints

The alpha services refer to upstream http://myserver:9001

I set two routes on service alpha:

  • /alpha with no auth plugin
  • /alpha/api/v1/read with api key plugin

However, accessing /alpha/api/v1/read is equals to accessing http://myserver:9001.

How can I set Kong to enable authentication only to /create What route configuration that correct?


#2

Well you could do

  1. service service1 : http://myserver:9001/api/v1/read , route: /alpha/api/v1/read (no plugin)
  2. service: service2 : http://myserver:9001/api/v1/create , route /alpha/api/v1/create (plugin)

My minds all over the place, so maybe a more efficient pattern is possible too though.


#3

Since more than one Route can be associated with a Service, it would be simpler to create a single Service with the two Routes/one Plugin noted above.


#4

Ah yes, and then just let wild carding do the rest to ensure it goes to the right back-end location. Much better :slight_smile: .


#5

It’s almost as if the good old API entity was split into Routes and Services precisely for this use case! :joy:


#6

What wildcard?
In your example above, is that means if I have 10 endpoints, I have to create 10 routes?
Seems ineffficient


#7

Kong supports wild carding, meaning you make a Kong route like this:

/api/test

Then someone actually calls the route like this:

/api/test/myservice/1

And you have a Kong service set to http://company.com,

Then the Backend service url after Kong proxies is: http://company.com/myservice/1


#8

OK, got the way

service 1 : alpha, route /alpha (no plugin)
service 2 : alpha-secure, route /alpha/api/v1/create (with plugin)

Thanks