Overview
Basic Authentication
Add Basic Authentication to your APIs, with username and password protection. The plugin checks for valid credentials in the Proxy-Authorization and Authorization headers (in this order).
Use a username and password to add Basic authentication to your set of APIs. The plugin verifies the user's credentials from the authorization information in the request headers.
Configuration
Configuring the plugin is straightforward: you can add it on top of an API by executing the following request on your Kong server:
$ curl -X POST http://kong:8001/apis/{API}/plugins \
    --data "name=basic-auth" \
    --data "config.hide_credentials=true"
api: the ID or name of the API that this plugin configuration will target
--data carries the plugin's configuration parameters.
{API} is the target API to which the plugin is applied.
You can also apply it for every API using the http://kong:8001/plugins/ endpoint. Read the Plugin Reference for more information.
That is, posting to an address such as http://kong:8001/plugins/ applies the plugin globally, to all APIs. Read the plugin guide for more information.
Once applied, any user with a valid credential can access the service/API. To restrict usage to some of the authenticated users, also add the ACL plugin (not covered here) and create whitelist or blacklist groups of users.
In other words, once the plugin is applied, every validly authenticated user has permission to invoke the service/API. To limit access to certain users, add the ACL plugin and configure a blacklist or whitelist.
Form parameter description:
Form parameter | Default | Description
name (required) | none | The plugin name; here it is basic-auth.
config.hide_credentials (optional) | false | Boolean that tells the plugin whether to hide the authentication information from the upstream API service. If set to true, the plugin clears the authentication information before forwarding the request to the upstream API service.
config.anonymous (optional) | empty string | String used as the anonymous user if authentication fails. If empty (null), a failed request returns a 4xx authentication error.
1. Create an API
API name: testbasicauth
hosts: 10.110.2.3
Visit URL: /test
Source URL: http://10.110.2.54:8040/health
Other fields can be left at their defaults, depending on the business situation.
After creation, access http://10.110.2.3:8000/test from a client to verify that the API can be called successfully.
2. Create a user
Username: consumerofbasic, custom ID: cidbasic.
3. Create a basic auth for the user
Create the basic-auth username and password: username=csOfBasic, password=testkongpwd. Note that this username and the consumer username are not the same: the consumer username is the user's only public user name, while one consumer can have multiple basic-auth usernames. The specific operation is shown in the following figure:
4. Add a basic-auth plugin
The scope of the plugin is all APIs.
5. Invoking the sample
The basic-auth username and password (username=csOfBasic, password=testkongpwd) are Base64 encoded in the following format:
csOfBasic:testkongpwd encodes to Y3NPZkJhc2ljOnRlc3Rrb25ncHdk
Copy csOfBasic:testkongpwd into your Base64 encoding code to test it. The encoded text must be Y3NPZkJhc2ljOnRlc3Rrb25ncHdk; if it is not, your Base64 encoding code is wrong. Base64 is case-sensitive, so the value must match exactly.
Either of the following methods verifies success.
Verify 1: curl http://10.110.2.3:8000/test -H 'Authorization: Basic Y3NPZkJhc2ljOnRlc3Rrb25ncHdk'
Verify 2: use basic authentication and add key=Authorization, value=Basic Y3NPZkJhc2ljOnRlc3Rrb25ncHdk to the request header
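The following added example (not Kong's own code, and not part of the original page) models the check described above using the test credential from step 3 (username csOfBasic, password testkongpwd): it builds and decodes the Basic header value, tries Proxy-Authorization before Authorization, and strips credentials when hide_credentials is on. The function names, the in-memory credential store and the choice to drop both credential headers are assumptions of this model; note that the header value decodes back to the password, so Base64 provides no confidentiality without TLS.

```python
import base64
import binascii
import hmac

# Test credential from step 3 of this page; a real store keeps a hash.
CREDENTIALS = {"csOfBasic": "testkongpwd"}
CRED_HEADERS = ("proxy-authorization", "authorization")  # order checked


def encode_basic(username, password):
    """Build the header value a client sends for HTTP Basic auth."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(value):
    """Return (username, password), or None if the value is malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = text.partition(":")
    return (username, password) if sep else None


def gateway_check(headers, hide_credentials=False):
    """Return (allowed, headers forwarded upstream) for one request."""
    lowered = {k.lower(): v for k, v in headers.items()}
    allowed = False
    for name in CRED_HEADERS:
        creds = decode_basic(lowered.get(name, ""))
        if creds is None:
            continue  # header absent or malformed: try the next one
        expected = CREDENTIALS.get(creds[0])
        # Constant-time comparison avoids leaking how much of it matched.
        if expected is not None and hmac.compare_digest(
            expected.encode(), creds[1].encode()
        ):
            allowed = True
            break
    if hide_credentials:
        # Model assumption: drop both credential headers before proxying.
        lowered = {k: v for k, v in lowered.items() if k not in CRED_HEADERS}
    return allowed, lowered
```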