Setting up and using ACLs
Note: We have deprecated the usage of
blacklist in favor of
deny. This change may require Admin API requests to be updated.
Associate consumers with an ACL
You can have more than one group associated to a consumer.
When a consumer has been validated, the plugin appends a
header to the request before proxying it to the Upstream service, so that you can
identify the groups associated with the consumer. The value of the header is a
comma-separated list of groups that belong to the consumer, like
This header will not be injected in the request to the upstream service if
hide_groups_header config flag is set to