Limit routes to specific consumers

shvarti · February 12, 2022, 6:37am

Hello all: I am settign up API Gateway and I want to limit certain routes only to specific consumers. In order to do that, I thought i could do this:

add a key-auth plugin to a route
create several consumers
associate specific key-auth plugin from step 1 with some of the consumers created in step 2.

Step 3: i cant seem to figure out a way to do that. when editing the plugin I don’t see a way to associate specific consumers to the plug in (even though option to scope it says “Specific consumers, services, and/or routes”)

Am I completely misunderstanding the way it works? If so, how do i limit route to only some of the consumers.

fomm · February 12, 2022, 7:02am

If you have let’s say 5 consumers (all of them has their own API keys) and you only want 3 of them to consume a certain api, you need to use ACL plugin.

What you can try:

Enable ACL plugin on the route/service. Use config.allow to specify the user group that can consumer these apis.
Create ACL credentials to the 3 consumers that you want to allow.
Only the consumers that have been added to the acl group can send request to the routes with their own api key.

Topic		Replies	Views
Way of allow/disallow specific route of a service by consumer Questions	4	862	August 14, 2021
Key Authentication Plugin Questions	1	578	April 27, 2021
Allow only specific consumers on a route Questions	3	1220	June 13, 2020
Kong ingress controller rate-limit plugin seems to ignore consumer	6	696	February 27, 2020
Multiple Rate-Limit plugins on the same route Questions plugins	0	50	August 7, 2024

Limit routes to specific consumers

Related topics