All Products
Search

This Product

    API Gateway:Consumer Authentication

    Document Center

    API Gateway:Consumer Authentication

    Last Updated:Jun 22, 2026

    AI Gateway supports consumer authentication for MCP services and MCP tools. API key-based authentication verifies caller identity, controls API access permissions, and enables fine-grained multitenancy management to ensure data isolation and prevent unauthorized access.

    Configuration description

    • Consumer authentication is supported in the following scenarios:

      • Gateway-built HTTP-to-MCP conversion.

      • Direct proxy for gateway-built MCP services.

      • Nacos-hosted HTTP-to-MCP conversion.

      • Nacos-hosted proxy for MCP services.

    • Consumer authentication permissions for MCP services have a higher priority than those for MCP tools.

    Configure MCP service-level consumer authentication

    1. Go to the instance page of the AI Gateway console, select the region where the instance is located, and then click the target instance ID.

    2. In the left-side navigation pane, click MCP Management. Then, click the card for the target service and click the Consumer Authentication tab.

    3. Click Configuration Information next to Edit. In the MCP Service Consumer Authentication dialog box that opens, turn on the Status switch and click OK.

      Important

      • After you enable consumer authentication, you cannot access the API if no authorization is configured.

      • Currently, only API key authentication is supported.

        An API key is a simple authentication method. The client includes the credential in the request in a specified format, and the gateway verifies its validity and permissions. API keys are suited for simple scenarios without sensitive operations and offer lower security than JSON Web Tokens (JWT) or AccessKey pairs (AK/SK). Manage and protect your credentials with caution.

    4. On the MCP tab, click Authorization. In the Add Consumer Authorization panel, select a consumer and click Add.

      Note

      If no consumers are available, you can click the input box next to Consumers and select Create Consumer from the drop-down list.

    Configure MCP tool-level consumer authentication

    1. Go to the instance page of the AI Gateway console, select the region where the instance is located, and then click the target instance ID.

    2. In the left-side navigation pane, click MCP Management. Then, click the card for the target service and click the Consumer Authentication tab.

    3. Click Configuration Information next to Edit. In the MCP Service Consumer Authentication dialog box that opens, turn on the Status switch and click OK.

      Important

      • After you enable consumer authentication, you cannot access the API if no authorization is configured.

      • Currently, only API key authentication is supported.

        An API key is a simple authentication method. The client includes the credential in the request in a specified format, and the gateway verifies its validity and permissions. API keys are suited for simple scenarios without sensitive operations and offer lower security than JSON Web Tokens (JWT) or AccessKey pairs (AK/SK). Manage and protect your credentials with caution.

    4. Click MCP Tools. On the MCP Tools tab, click Authorization. In the Add Consumer Authorization panel, select a consumer and a tool, and then click Add.

      Note

      If no consumers are available, you can click the input box next to Consumers and select Create Consumer from the drop-down list.