Hi,
Consider I have hosted 3 APIs on my domain say mydomain.com , now I want to secure 2 APIs with JWT plugin authentication and remaining 1 API with no authentication.
So its like:
mydomain.com/api1
mydomain.com/api2
mydomain.com/api3
I configured a service in Kong , with host as mydomain.com. And applied the JWT plugin on this Service.
As the plugin is applied on the service , it gets activated on all the APIs. However I need to secure only 2 of my APIs.
Any thoughts ?
Hi rohitk,
Why don’t separate into 3 services? I am testing my localhost for 3 services by difference path: /
(as home page), /authenticate
and /laravel
, leave Host and Method empty. Only /laravel
is applied JWT.
I test with sample jwt from jwt.io, it works as I expect. I think add mydomain.com
to Host in both 3 services is fine.
1 Like
Instead of applying the plugin to the Service, you can apply the plugin to each individual Route that you want JWT enabled. The model with Services and Routes gives you this flexibility to apply some plugins to the Service (hence applying to requests coming via all Routes that use this Service) and other plugins to a single Route.
1 Like
Thanks @hisham,
I had to make another change in route to set “strip_path” to NO
the default value of this property is Yes , so it was stripping out path from the API request and due to this my API was not getting resolved.