All Products
Search
Document Center

API Gateway:Configure an authentication policy

Last Updated:Jun 17, 2026

REST API routes support API key, JWT, and HMAC authentication to verify caller identities, enforce fine-grained access control across tenants, and prevent unauthorized access.

Procedure

Important

After you enable consumer authentication, you must bind consumer authorization to the current API. Otherwise, the API cannot be accessed.

  1. You can configure consumer authentication from inside or outside a gateway instance:

    APIs outside an instance

    1. Log in to the Cloud-native API Gateway console. In the navigation pane on the left, choose API, and then select a region from the top navigation bar.

    2. Click the target API and select the target instance from the drop-down list.

    3. Click the Consumer certification tab.

    APIs inside an instance

    1. Log in to the Cloud-native API Gateway console. In the navigation pane on the left, choose Instance, and then select a region from the top navigation bar.

    2. On the Instance page, click the ID of the target gateway instance. In the navigation pane on the left, choose API. Click the target API, and then click the Consumer certification tab.

  2. Click Edit in the upper-right corner of the target API, or on the Consumer certification tab, click Edit to the right of Configuration Information, turn on Status, and select an Authentication Method.

    Important

    After you change the consumer authentication configuration, you must republish it for the changes to take effect.

    Parameter

    Description

    Status

    Turns authentication on or off for this API. Authentication takes effect after you turn on the switch.

    Important

    For published APIs or routes, bind the consumer authentication policy and complete authorization before you enable the policy.

    Authentication Method

    The method used to authenticate consumers for this API. API key, JWT, and HMAC are supported.

  3. In the Consumers section, click Authorization, and then select a consumer from the drop-down list. You can also click Manage consumers to create and authorize a new consumer. Finally, click Add.

References