All Products
Search
Document Center

API Gateway:Authentication

Last Updated:Jun 22, 2026

Cloud-native API Gateway provides authentication and authorization plugins that help you enhance system security and access control.

Plugin

Description

key-auth plugin

The key-auth plugin authenticates requests using an API key parsed from URL parameters or request headers, and verifies that the key has the required access permissions.

basic-auth plugin

The basic-auth plugin authenticates requests based on the HTTP Basic Auth standard.

hmac-auth plugin

The hmac-auth plugin generates a non-forgeable HMAC signature for HTTP requests to authenticate and authorize callers.

jwt-auth plugin

The jwt-auth plugin authenticates requests using JSON Web Tokens (JWT) parsed from URL parameters, request headers, or the Cookie field, and verifies that the token has the required access permissions. Unlike Configure JWT authentication, the jwt-auth plugin can also identify callers, which lets you configure different JWT credentials for each caller.

oauth plugin

The oauth2 plugin issues OAuth2 access tokens based on JWT in compliance with the RFC 9068 specification.

jwt-logout plugin

The jwt-logout plugin uses Redis to implement a weak state management mechanism for JWT, enabling active token logout and single-session enforcement. For example, when a user logs on from a new device, the plugin can automatically log them out of the previous device.