
Kong API Key Authentication Plugin Explained


In an API gateway, authentication is one of the main controls protecting an interface. Kong, one of the mainstream API gateways, offers several authentication methods; among them, API Key Authentication is suited to lightweight scenarios. This article walks through enabling API key authentication in Kong and testing it.

Contents

- 1.1.1 Environment preparation
  - 1.1.1.1 Create a service, key-auth-demo
  - 1.1.1.2 Create the corresponding route, key-auth-demo
  - 1.1.1.3 Test the environment
- 1.1.2 Plugin installation
  - 1.1.2.1 Install at service scope
  - 1.1.2.2 Install at route scope
  - 1.1.2.3 Install at global scope
- 1.1.3 Testing
- 1.1.4 Environment cleanup
  - 1.1.4.1 Remove the service-scoped plugin
  - 1.1.4.2 Remove the route-scoped plugin
  - 1.1.4.3 Remove the global plugin
- 1.1.5 Summary

1.1.1 Environment preparation

1.1.1.1 Create a service, key-auth-demo

```bash
curl -i -s -X POST http://localhost:8001/services \
  --data name=key-auth-demo \
  --data url='http://localhost:8080'
```

http://localhost:8080 is a small Go service running on the same host; a request to /hello returns:

```
Hello, kong,I'm runing at 8080!
```

1.1.1.2 Create the corresponding route, key-auth-demo

```bash
curl -i -X POST http://localhost:8001/services/key-auth-demo/routes \
  --data 'paths[]=/key-auth-demo' \
  --data name=key-auth-demo
```

1.1.1.3 Test the environment

```
[root@iZbp1ivu3yaedumdy0va2vZ kong]# curl http://localhost:8000/key-auth-demo/hello
Hello, kong,I'm runing at 8080!
```

If you see this output, the environment is set up correctly. Note that at this point the route is completely open: anyone who can reach port 8000 can call the upstream.

1.1.2 Plugin installation

The plugin's configuration reference is at

https://docs.konghq.com/hub/kong-inc/key-auth/configuration/

1.1.2.1 Install at service scope

```bash
curl -X POST http://localhost:8001/services/{serviceName|Id}/plugins \
  --header "accept: application/json" \
  --header "Content-Type: application/json" \
  --data '
  {
    "name": "key-auth",
    "config": {
      "key_names": [ "apikey" ]
    }
  }'
```

Example:

```bash
curl -X POST http://localhost:8001/services/key-auth-demo/plugins \
  --header "accept: application/json" \
  --header "Content-Type: application/json" \
  --data '
  {
    "name": "key-auth",
    "config": {
      "key_names": [ "apikey" ]
    }
  }'
```

{serviceName|Id}: the name or id of the service on which to enable the plugin

name: the name of the plugin to enable

config: the plugin's configuration; key_names lists the header and query-parameter names Kong will look in for the key

The response is:

```json
{
  "consumer": null,
  "config": {
    "hide_credentials": false,
    "key_in_header": true,
    "key_in_query": true,
    "key_in_body": false,
    "run_on_preflight": true,
    "key_names": [ "apikey" ],
    "realm": null,
    "anonymous": null
  },
  "name": "key-auth",
  "instance_name": null,
  "protocols": [ "grpc", "grpcs", "http", "https" ],
  "created_at": 1739512641,
  "updated_at": 1739512641,
  "enabled": true,
  "service": { "id": "ae557210-8f1f-415b-8549-3c973e495881" },
  "id": "8b8d48db-3a15-4a94-ba81-93a1f350702d",
  "route": null,
  "tags": null
}
```

Every field not given in the request has taken its default. Two of them matter for security: key_in_query is true, so the key is also accepted in the URL, and hide_credentials is false, so the key is forwarded to the upstream service.

1.1.2.2 Install at route scope

```bash
curl -X POST http://localhost:8001/routes/{route_id_or_name}/plugins \
  --header "accept: application/json" \
  --header "Content-Type: application/json" \
  --data '
  {
    "name": "key-auth",
    "config": {
      "key_names": [ "apikey" ]
    }
  }'
```

Example:

```bash
curl -X POST http://localhost:8001/routes/key-auth-demo/plugins \
  --header "accept: application/json" \
  --header "Content-Type: application/json" \
  --data '
  {
    "name": "key-auth",
    "config": {
      "key_names": [ "apikey" ]
    }
  }'
```

1.1.2.3 Install at global scope

```bash
curl -X POST http://localhost:8001/plugins \
  --header "accept: application/json" \
  --header "Content-Type: application/json" \
  --data '{"name":"key-auth","enabled":true,"protocols":["grpc","grpcs","http","https"],"config":{"hide_credentials":false,"key_in_body":false,"key_in_header":true,"key_in_query":true,"key_names":["apikey"],"run_on_preflight":true}}'
```

A global plugin applies to every service and route on the gateway, so install it only after confirming that no route is meant to stay open.

1.1.3 Testing

With the key-auth plugin enabled, a request made exactly as before is now refused with 401:

```
[root@iZbp1ivu3yaedumdy0va2vZ ~]# curl -i http://localhost:8000/key-auth-demo/hello
HTTP/1.1 401 Unauthorized
Date: Fri, 14 Feb 2025 06:04:46 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
WWW-Authenticate: Key
Content-Length: 96
X-Kong-Response-Latency: 1
Server: kong/3.9.0
X-Kong-Request-Id: 3d24b81b896b1b3e6bcc626177e8ea3b

{
  "message":"No API key found in request",
  "request_id":"3d24b81b896b1b3e6bcc626177e8ea3b"
}
```

So how should the endpoint be called?

Create a consumer:

```bash
curl -X POST http://localhost:8001/consumers -d username=key-auth-user
```

Assign this consumer an API key:

```bash
curl -X POST http://localhost:8001/consumers/key-auth-user/key-auth \
  -d key=api_key_78954455
```
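The article assigns a hand-picked key (api_key_78954455). A key is a bearer credential, so whoever obtains it is that consumer as far as Kong is concerned, and it should come from a CSPRNG rather than be something a person typed. The script below is an added example, not code from the article or from Kong: it performs the same two Admin API calls as the curl commands above with a 40-character random key, then checks that the route refuses an anonymous request and accepts the key. It assumes the Admin API at http://localhost:8001 and the proxy at http://localhost:8000 as in the article, with nothing in front of the Admin API; the function names are the example's own.

```python
"""Provision a Kong consumer with a randomly generated key-auth credential.

Added example (not from the article or from Kong). Assumes the Admin API on
http://localhost:8001 and the proxy on http://localhost:8000, as in the
article, with no authentication in front of the Admin API.
"""
import json
import math
import secrets
import string
import urllib.error
import urllib.parse
import urllib.request
from typing import Optional

ADMIN_URL = "http://localhost:8001"  # Kong Admin API (assumed, as in the article)
PROXY_URL = "http://localhost:8000"  # Kong proxy (assumed, as in the article)

KEY_ALPHABET = string.ascii_letters + string.digits  # 62 symbols
KEY_LENGTH = 40  # 40 * log2(62) is about 238 bits of entropy


def generate_api_key(length: int = KEY_LENGTH) -> str:
    """Draw a key from the OS CSPRNG.

    The key is a bearer credential: whoever holds it is the consumer, so it
    must not be guessable the way a hand-picked value like api_key_78954455 is.
    """
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))


def key_entropy_bits(key: str, alphabet_size: int = len(KEY_ALPHABET)) -> float:
    """Entropy upper bound for a key drawn uniformly from alphabet_size symbols."""
    return len(key) * math.log2(alphabet_size)


def admin_request(method: str, path: str, form: Optional[dict] = None) -> dict:
    """Form-encoded call to the Admin API, equivalent to the article's curl -d."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(ADMIN_URL + path, data=data, method=method)
    with urllib.request.urlopen(req, timeout=5) as resp:
        body = resp.read()
        return json.loads(body) if body else {}


def provision_consumer(username: str) -> str:
    """Create the consumer (tolerating one that already exists) and attach a
    fresh key-auth credential; return the key."""
    try:
        admin_request("POST", "/consumers", {"username": username})
    except urllib.error.HTTPError as err:
        if err.code != 409:  # 409: consumer already exists; adding a key is still fine
            raise
    key = generate_api_key()
    admin_request("POST", f"/consumers/{username}/key-auth", {"key": key})
    return key


def proxy_status(path: str, headers: Optional[dict] = None) -> int:
    """HTTP status the proxy returns for GET path with the given headers."""
    req = urllib.request.Request(PROXY_URL + path, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    api_key = provision_consumer("key-auth-user")
    # The Admin API echoes the key back in clear; hand it to a secrets store,
    # not to a terminal, a log or a shell history file.
    assert proxy_status("/key-auth-demo/hello") == 401, "anonymous request must be refused"
    assert proxy_status("/key-auth-demo/hello", {"apikey": api_key}) == 200
    print(f"key-auth enforced; key carries about {key_entropy_bits(api_key):.0f} bits of entropy")
```

Kong will also generate a key itself if the key field is omitted from the POST to /consumers/{username}/key-auth. Either way, passing the key as `-d key=...` on the command line leaves it in the shell history, which is one more reason to provision from a script that reads and writes it only through a secrets store.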

Carry the apikey either in a request header or as a query parameter, as shown below:

```
[root@iZbp1ivu3yaedumdy0va2vZ ~]# curl -i -H "apikey:api_key_78954455" http://localhost:8000/key-auth-demo/hello
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Connection: keep-alive
Date: Fri, 14 Feb 2025 06:10:22 GMT
Server: kong/3.9.0
X-Kong-Upstream-Latency: 0
X-Kong-Proxy-Latency: 3
Via: 1.1 kong/3.9.0
X-Kong-Request-Id: e9e4eb0de1646867fcb3b810ef8d9570

Hello, kong,I'm runing at 8080!
```

```
[root@iZbp1ivu3yaedumdy0va2vZ ~]# curl -i 'http://localhost:8000/key-auth-demo/hello?apikey=api_key_78954455'
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Connection: keep-alive
Date: Fri, 14 Feb 2025 06:13:40 GMT
Server: kong/3.9.0
X-Kong-Upstream-Latency: 1
X-Kong-Proxy-Latency: 1
Via: 1.1 kong/3.9.0
X-Kong-Request-Id: cbfd604c2e274833e2baa77dfe322938

Hello, kong,I'm runing at 8080!
```

The query-string form works only because key_in_query defaults to true. URLs are written to access logs and browser history and leak through Referer headers, so prefer the header and consider setting key_in_query to false.

1.1.4 Environment cleanup

1.1.4.1 Remove the service-scoped plugin

List the plugins at service scope:

```bash
curl -X GET http://localhost:8001/services/key-auth-demo/plugins
```

```
{
  "data": [
    {
      // ...
      "id": "8b8d48db-3a15-4a94-ba81-93a1f350702d",
      // ...
    }
  ],
  "next": null
}
```

Note the id of the plugin you want to delete; it is needed in the next request.

Delete that plugin:

```bash
curl -X DELETE http://localhost:8001/services/key-auth-demo/plugins/8b8d48db-3a15-4a94-ba81-93a1f350702d
```

Once the authentication plugin has been removed, the route can be called again without an API key.

1.1.4.2 Remove the route-scoped plugin

List the plugins at route scope:

```bash
curl -X GET http://localhost:8001/routes/key-auth-demo/plugins
```

```
{
  "data": [
    {
      // ...
      "id": "22245c50-f2d1-42c8-b4aa-090414e763d3",
      // ...
    }
  ],
  "next": null
}
```

Delete that plugin:

```bash
curl -X DELETE http://localhost:8001/routes/key-auth-demo/plugins/22245c50-f2d1-42c8-b4aa-090414e763d3
```

1.1.4.3 Remove the global plugin

List the global plugins:

```bash
curl -X GET http://localhost:8001/plugins
```

Response, with most fields omitted:

```
{
  "data": [
    {
      "id": "5ebe8f78-41b0-4ae6-a21c-4e69f97d419c",
      // ...
    }
  ],
  "next": null
}
```

GET /plugins returns every plugin instance, including the service- and route-scoped ones; the global instance is the entry whose service and route are both null.

Delete that plugin:

```bash
curl -X DELETE http://localhost:8001/plugins/5ebe8f78-41b0-4ae6-a21c-4e69f97d419c
```

1.1.5 Summary

The API Key Authentication plugin suits scenarios that need quick, lightweight authentication, in particular:

- exposing an open API to developers or third-party systems;
- simple client authentication, especially for mobile and web applications;
- managing and restricting access for different users, clients or services;
- combining with a traffic-control plugin (such as Rate Limiting) to prevent excessive requests.

API key authentication is simple to use, but it is a relatively weak control: the key is a bearer credential, so anyone who captures it, on the wire or in a log, can act as that consumer.

It is therefore always used together with HTTPS to protect the key in transit. The plugin response above also shows two defaults worth changing: send the key in a header rather than the query string (key_in_query false), and enable hide_credentials so the upstream service never receives the key at all.
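The caveat above can be checked mechanically against the plugin object returned in section 1.1.2.1, whose defaults accept the key in the query string (key_in_query true), forward it to the upstream (hide_credentials false) and leave anonymous unset. The script below is an added example, not code from the article or from Kong: it audits plugin objects of that shape (the entries under "data" in GET /plugins) for those settings and produces the body to POST in their place. The sample input is constructed from the article's own response; ADMIN_URL and the function names are the example's own.

```python
"""Audit key-auth plugin instances for the weak settings discussed above.

Added example (not from the article or from Kong). It inspects plugin objects
in the shape the Admin API returned earlier and emits a hardened body to POST
in their place. SAMPLE_PLUGINS is constructed from the article's response.
"""
import json
import urllib.request
from typing import Dict, Iterable, List

ADMIN_URL = "http://localhost:8001"  # as in the article (assumed)

# Settings the article left at their default, next to the value a hardened
# deployment uses. Only fields present in the article's response are judged.
HARDENED_CONFIG = {
    "key_in_query": False,     # keys in URLs end up in access logs, history and Referer headers
    "key_in_body": False,
    "hide_credentials": True,  # strip the key before proxying so the upstream never sees it
    "anonymous": None,         # an anonymous consumer turns mandatory auth into optional auth
}


def audit_plugin(plugin: dict) -> List[str]:
    """Findings for one plugin object; empty if it is a clean key-auth instance
    or not a key-auth instance at all."""
    if plugin.get("name") != "key-auth" or not plugin.get("enabled", True):
        return []
    cfg = plugin.get("config", {})
    return [
        f"config.{field}={cfg.get(field)!r}, expected {wanted!r}"
        for field, wanted in HARDENED_CONFIG.items()
        if cfg.get(field) != wanted
    ]


def audit_all(plugins: Iterable[dict]) -> Dict[str, List[str]]:
    """Plugin id -> findings, for every plugin that has at least one."""
    report = {}
    for plugin in plugins:
        findings = audit_plugin(plugin)
        if findings:
            report[plugin["id"]] = findings
    return report


def hardened_body() -> dict:
    """Request body for POST /services/<name>/plugins that passes audit_plugin."""
    return {
        "name": "key-auth",
        "config": {
            "key_names": ["apikey"],
            "key_in_header": True,
            "key_in_query": False,
            "key_in_body": False,
            "hide_credentials": True,
            "run_on_preflight": True,
        },
    }


# Constructed sample: the object the article's service-scoped POST returned.
SAMPLE_PLUGINS = [
    {
        "id": "8b8d48db-3a15-4a94-ba81-93a1f350702d",
        "name": "key-auth",
        "enabled": True,
        "protocols": ["grpc", "grpcs", "http", "https"],
        "config": {
            "hide_credentials": False,
            "key_in_header": True,
            "key_in_query": True,
            "key_in_body": False,
            "run_on_preflight": True,
            "key_names": ["apikey"],
            "realm": None,
            "anonymous": None,
        },
    }
]


def fetch_plugins() -> List[dict]:
    """Live variant: first page of GET /plugins from the Admin API (not used offline).
    Large installs paginate; follow the "next" link to see every instance."""
    with urllib.request.urlopen(ADMIN_URL + "/plugins", timeout=5) as resp:
        return json.loads(resp.read())["data"]


if __name__ == "__main__":
    for plugin_id, findings in audit_all(SAMPLE_PLUGINS).items():
        print(plugin_id)
        for finding in findings:
            print("  -", finding)
    print("replacement body:", json.dumps(hardened_body(), indent=2))
```

One thing the audit deliberately does not do is narrow the plugin's own protocols list to https. That list only controls when the plugin runs; removing http from it would make plaintext requests skip key-auth entirely instead of being refused. Forcing TLS is a property of the route (restricting the route's protocols to https), not of the authentication plugin.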

"Kong API Key Authentication Plugin Explained" was published in the IT Industry column of 讯客互联. Thank you for your interest in our original articles; you are welcome to share them on your own site or social feed, but reposts must credit the source ("Kong API Key Authentication Plugin Explained").