REST API routes support API key, JWT, and HMAC authentication to verify caller identities, enforce fine-grained access control across tenants, and prevent unauthorized access.
Procedure
After you enable consumer authentication, you must bind consumer authorization to the current API. Otherwise, the API cannot be accessed.
-
You can configure consumer authentication from inside or outside a gateway instance:
APIs outside an instance
-
Log in to the Cloud-native API Gateway console. In the navigation pane on the left, choose API, and then select a region from the top navigation bar.
-
Click the target API and select the target instance from the drop-down list.
-
Click the Consumer certification tab.
APIs inside an instance
-
Log in to the Cloud-native API Gateway console. In the navigation pane on the left, choose Instance, and then select a region from the top navigation bar.
-
On the Instance page, click the ID of the target gateway instance. In the navigation pane on the left, choose API. Click the target API, and then click the Consumer certification tab.
-
-
Click Edit in the upper-right corner of the target API, or on the Consumer certification tab, click Edit to the right of Configuration Information, turn on Status, and select an Authentication Method.
ImportantAfter you change the consumer authentication configuration, you must republish it for the changes to take effect.
Parameter
Description
Status
Turns authentication on or off for this API. Authentication takes effect after you turn on the switch.
ImportantFor published APIs or routes, bind the consumer authentication policy and complete authorization before you enable the policy.
Authentication Method
The method used to authenticate consumers for this API. API key, JWT, and HMAC are supported.
-
In the Consumers section, click Authorization, and then select a consumer from the drop-down list. You can also click Manage consumers to create and authorize a new consumer. Finally, click Add.
References
-
To create and authorize consumers, see Manage consumers and Consumer authorization.
-
To learn how consumers securely access APIs through authentication and authorization, see Consumer authentication and authorization.