For now, the value of apikey is tied to the consumer.
The question is: Can apikey be bound to the service?
For example:
- key1 can only access service A;
- key2 can only access service B.
Hi,
My understanding is that setting up the key-auth plugin for service means that you configure the authentication mechanism to identify the consumer that did the request.
When you are writing “key1 can only access service A;” , it looks like rather an authorisation. Once you identified the consumer matching with the key1, then you want to authorise him on the service.
I would go with the ACL plugin (https://docs.konghq.com/hub/kong-inc/acl/)
Combining the key-auth plugin for authentication and ACL plugin for authorisation should answer your need