3

I am new to Kong. I am using Kong version 0.12.1. I have configured my api with Kong using basic-auth and it works as per the document, I am able to GET the host url with authentication using Kong Proxy in command window curl -i -X GET --url https://localhost:8443/ -H 'Host: example.com' -H 'Authorization: Basic XXXXXXXXXX' . But I need to secure my API using kong in a way that anyone who makes an api call needs to be authenticated via Kong.

Your suggestions are much appreciated...... Thank you

Aravindh
  • 441
  • 1
  • 6
  • 17

4 Answers4

1

Step to Configure your API with Kong.

  1. To secure your Upstream API(your backend APIs), you need to expose it locally (127.0.0.1) only, not global so no one directly hit your API.

  2. Register your Upstream API with Kong Service/Route object. Kong 1.0 has Service and route object.

  3. Configure and add Kong JWT or other Authentication plugins in your Kong Service/Route object

  4. Now your API is completely protected by Kong. It is only accessible through Kong proxy. Expose your Kong proxy point globally using kong.conf

Kiran Mali
  • 597
  • 4
  • 12
0

From your description, it sounds like you have secured your API using Kong :)

What problem are you experiencing?

Cooper
  • 826
  • 9
  • 10
  • my question is, is there any possibilities of kong asks for its authentication when I call my api directly – Aravindh Mar 26 '18 at 05:29
0

Use key-auth plugin with ACL. Check documentation for configuration.

user3556245
  • 11
  • 1
  • Hi! You should include the main steps of this solution. Link only answers are not very good, since those links may disappear some time. – António Almeida May 04 '18 at 10:11
0

Enable JWT plugin against service if you want to have all secure routes for a given service. If Use case is secure a specific route, enable the JWT plugin against route.

user2737926
  • 97
  • 1
  • 1
  • 9