Welcome to web developers hell! You are welcome to defend your opinion/use case, and propose changes over those 2 topics:it depends how you want to proceed.

Contact the service owner to check what do you need I think it's just the documentation. { "message": "No API key found in headers or querystring" } Additional Details & Logs. ... (which is bearer only), the access token is passed in header as "Authorization: Bearer " Rest api looks at the role of the user and based on that either returns the desired data or throws a 403 Forbidden exception.
同样创建一个消费者. The issue is the key name. 注意： 这里 --header 'Host: ' 的值要和第2步中的 --data 'hosts[]=' 的值要一样。 通常，我们都会对提供的服务进行授权认证。KONG 提供了 key-auth 插件，可以实现认证的功能。 添加认证. Take it as you will!This is more of an unexpected side-effect/bug rather than an overlook over the documentation. In fact, we created two of these, an API Key Authentication Plugin (httpbin-auth) and a Rate Limiting ... And checking the header tab should show me the Kong Rate Limiting plugin’s headers.
The key name ApiKeyAuth is an arbitrary name for the security scheme (not to be confused with the API key name, which is specified by the name key). Kong version 0.9.8; Operating System OSX; This comment has been minimized. Key Authentication . If the key name is AUTH-KEY, then the subsequent call upstream works. 向API添加密钥身份验证（也称为API密钥）。 然后，消费者可以在 querystring 参数或 Header 头中添加其密钥，以验证其请求。 进入之前部署好的kong-ui，选择plugins，点击+号 . If this is not up to date, you will have big problems!Again, this is my opinion from my recent analysis of kong. Contributors are encouraged to propose sister PRs for changes introduced in this repository. In this tutorial, we discussed about applying KONG plugins like Key Authentication and Rate Limiting on the registered API. Specify the consumer_id in the following query to add rate-limiting plugin to the consumer.To add rate-limiting plugin on the route of the service, you need to add the route_id to the following query. delete the key-auth plugin of the service and lets add on the route to test.Here we conclude that we can provide a specific route of the API to specific consumer with This plugin helps us to restrict consumer making requests to our API/Service in a given period of time(seconds, minute, hour, month, year).Similarly you can play around with this rate-limiting plugin on consumer or route of the service too. I was about to report the same issue. GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.By clicking “Sign up for GitHub”, you agree to our Verifying credentials, I get invalid response back from Kong.Also should the responses not comply with json api spec?I was about to report the same issue.

But with underscore, it does not.Not sure though what the status of allowed characters is in headers.Either way, it does not return the correct response. from the comments sounds like you have two choices:1)state in api documentation, that api key name does not allow special characters such as underscore. In the previous post, we discussed about registering the Flask API to KONG service. 配置 key-auth 插件

Sign in to view. Dismiss Join GitHub today. Copy link Quote reply mtmail commented Feb 11, 2017.

Ask Question Asked today. 4. No API key found in headers or querystring

Using Kong API Gateway key-auth plugin with keycloak protected rest apis. I think it's just the documentation.In reality following all steps in the setup the response is a "403 Forbidden" with the content Of course when I call the key-auth enabled API with In my opinion returning 401 vs 403 is good, especially for API-users to give them a hint they forgot to send the key. GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together. The problem is that you try to access a service from a site that has no right to do so...Do these things: 1.

Consumers can add their Apikey either in a querystring parameter …

This example defines an API key named X-API-Key sent as a request header X-API-Key: .

其中客户Id为选填.

The name ApiKeyAuth is used again in the security section to apply this security scheme to the API. 按需求输入参数.

return a 400 bad request if a user attempts to create api key plugin with incorrect valueIt seem the bug is still in 0.10.1?I hit the bug in the kong v0.10.1Successfully merging a pull request may close this issue. What I want: To authenticate external users using an api-key and then add rate … If kong does not support underscore in the key name, then the request to enable api key plugin should have failed with a meaningful error message and this outlined in the api documentation also.To me documentation is source of truth. Note: The securitySchemes section alone is not enough; you … Key-Authentication Rate-limiting Key-Authentication Plugin This Key Authentication plugin can be added to a service or a route.

Again, I think the documentation just needs to be updated.That is not the issue.