I declared many APIs (v12.3) with specifics uris (including regex) and method.
Some APIs need to be consumed by a different type of consumers. For that, I enable ACL plugin and define different groups.
Assuming that we have a group for users using oauth2 authentication and another group for devices using key authentication.
By enabling both plugins on the same API, I expected to have a choice to provide a key or an access token… unfortunately, it requires to provide both.
By defining two same APIs and using one plugin in each one, cause the rules are similar, Kong choose the first API declared (default behavior) then one type of consumers cannot authenticate.
Do I miss something on my way to use Kong and authentication plugins?
I have a workaround using different uris but same upstream urls … but not really nice for the customer.
Thanks in advance for any advice and help