Enforce headers, body validation, and HMAC digest algorithms

Enforces headers that the client should use during HTTP signature creation, as well as body validation. Specifies that the hmac-sha1 and hmac-sha256 algorithms should be used to hash the digest.

Set up the plugin

Add this section to your declarative configuration file:

_format_version: "3.0"
plugins:
  - name: hmac-auth
    config:
      enforce_headers:
      - date
      - "@request-target"
      algorithms:
      - hmac-sha1
      - hmac-sha256
      validate_request_body: true
Copied to clipboard!

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!