Estimated reading time:
In this section, you’ll learn how to configure Kong plugins. One of the core
principles of Kong is its extensibility through plugins. Plugins
allow you to easily add new features to your Service or make it easier to
In the steps below you will configure the key-auth plugin to add
authentication to your Service. Prior to the addition of this plugin, all
requests to your Service would be proxied upstream. Once you add and configure this
plugin, only requests with the correct key(s) will be proxied - all
other requests will be rejected by Kong, thus protecting your upstream service
from unauthorized use.
1. Configure the key-auth plugin
To configure the key-auth plugin for the Service you configured in Kong,
issue the following cURL request:
$ curl -i -X POST \
--url http://localhost:8001/services/example-service/plugins/ \
Note: This plugin also accepts a
config.key_names parameter, which
['apikey']. It is a list of headers and parameters names (both
are supported) that are supposed to contain the apikey during a request.
2. Verify that the plugin is properly configured
Issue the following cURL request to verify that the key-auth
plugin was properly configured on the Service:
$ curl -i -X GET \
--url http://localhost:8000/ \
--header 'Host: example.com'
Since you did not specify the required
apikey header or parameter, the
response should be
HTTP/1.1 401 Unauthorized
"message": "No API key found in request"
Now that you’ve configured the key-auth plugin lets learn how to add
consumers to your Service so we can continue proxying requests through Kong.
Go to Adding Consumers ›