Rate Limiting for consumers validated by API-KEY and JWT

Hi all,

using KONG 3.3.0, in our project we are using 2 types of auth - one is per application (api-key → acl/key-auth), and one is per user - Authorization: Bearer token (JWT auth)

Now we want to provide “VIP” rate-limits (higher than normal) for VIP application (key-auth) and also for VIP user (JWT auth).

The problem is, I can set up to have precedence one or other, so always one will not work

The client is always sending api-key and if authenticated also Authorization Bearer token (JWT).

I set services to validate always api-key (so without api-key nothing is working). JWT is optional and required only on some routes (user-info, logout etc)

Is there any workaround?

Thank you.