Limit routes to specific consumers

Hello all: I am settign up API Gateway and I want to limit certain routes only to specific consumers. In order to do that, I thought i could do this:

  1. add a key-auth plugin to a route
  2. create several consumers
  3. associate specific key-auth plugin from step 1 with some of the consumers created in step 2.

Step 3: i cant seem to figure out a way to do that. when editing the plugin I don’t see a way to associate specific consumers to the plug in (even though option to scope it says “Specific consumers, services, and/or routes”)

Am I completely misunderstanding the way it works? If so, how do i limit route to only some of the consumers.

If you have let’s say 5 consumers (all of them has their own API keys) and you only want 3 of them to consume a certain api, you need to use ACL plugin.

What you can try:

  1. Enable ACL plugin on the route/service. Use config.allow to specify the user group that can consumer these apis.
  2. Create ACL credentials to the 3 consumers that you want to allow.
  3. Only the consumers that have been added to the acl group can send request to the routes with their own api key.
1 Like