描述
key-auth 是一个认证插件,在header或者query中匹配key值即可通过认证
作用范围
该插件即可用于全局插件,也可用于路由级插件。全局插件配置的优先级高于路由级插件配置,当同时在某一路由上配置了key-auth的全局插件和路由级插件时,需带上全局插件配置中的key值才能通过。
属性
名称 | 类型 | 必选项 | 默认值 | 有效值 | 描述 |
key | string | 必需 | 在header或者query中通过apikey携带key值进行认证 |
如何启用
在配置窗口页以YAML格式填写
配置示例
下面是一个示例,填写key-auth配置信息:
“key”:”test”
启用/停用
在配置页面设置生效开关
验证插件
未启用插件时API请求结果
$ curl -i http://198.20.4.150:27151/apitest
HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 23 Dec 2022 03:53:53 GMT
Server: APISIX/2.13.3
rspTest: hello,world
[{"id":1,"productID":1,"reviewer":"Reviewer1","text":"THIS IS A GRAY VERSION "}]
启用插件不带apikey时API的请求结果
$ curl -i http://198.20.4.150:27151/apitest
HTTP/1.1 401 Unauthorized
Date: Fri, 23 Dec 2022 03:54:31 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/2.13.3
{"message":"Missing API key found in request"}
启用插件带apikey时API的请求结果
apikey的位置可以在header中也可以在query中
1)在header中使用
$ curl -i http://198.20.4.150:27151/apitest -H "apikey: test"
HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 23 Dec 2022 03:54:55 GMT
Server: APISIX/2.13.3
rspTest: hello,world
[{"id":1,"productID":1,"reviewer":"Reviewer1","text":"THIS IS A GRAY VERSION"}]
2)在query中使用
$ curl -i http://198.20.4.150:27151/apitest?apikey=test
HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 23 Dec 2022 03:55:28 GMT
Server: APISIX/2.13.3
rspTest: hello,world
[{"id":1,"productID":1,"reviewer":"Reviewer1","text":"An extremely entertaining play by Shakespeare"}]