Skip to content
|
search
Plugin Hub
github-edit-pageEdit this page
report-issueReport an issue
header icon

HMAC Auth Configuration

By Kong Inc.

Configuration

This plugin is partially compatible with DB-less mode.

Consumers and Credentials can be created with declarative configuration.

Admin API endpoints that do POST, PUT, PATCH or DELETE on Credentials will not work on DB-less mode.

Compatible protocols

The HMAC Auth plugin is compatible with the following protocols:

grpc, grpcs, http, https, ws, wss

Parameters

Here's a list of all the parameters which can be used in this plugin's configuration:

  • name

    string required

    The name of the plugin, in this case hmac-auth.

  • instance_name

    string

    An optional custom name to identify an instance of the plugin, for example hmac-auth_my-service. Useful when running the same plugin in multiple contexts, for example, on multiple services.

  • service.name or service.id

    string

    The name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level /plugins endpoint. Not required if using /services/SERVICE_NAME|ID/plugins.

  • route.name or route.id

    string

    The name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint. Not required if using /routes/ROUTE_NAME|ID/plugins.

  • enabled

    boolean default: true

    Whether this plugin will be applied.

  • config

    record required

    • hide_credentials

      boolean required default: false

      An optional boolean value telling the plugin to show or hide the credential from the upstream service.

    • clock_skew

      number default: 300

      Clock skew in seconds to prevent replay attacks.

    • anonymous

      string

      An optional string (Consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.

    • validate_request_body

      boolean required default: false

      A boolean value telling the plugin to enable body validation.

    • enforce_headers

      array of type string

      A list of headers that the client should at least use for HTTP signature creation.

    • algorithms

      array of type string default: hmac-sha1, hmac-sha256, hmac-sha384, hmac-sha512 Must be one of: hmac-sha1, hmac-sha256, hmac-sha384, hmac-sha512

      A list of HMAC digest algorithms that the user wants to support. Allowed values are hmac-sha1, hmac-sha256, hmac-sha384, and hmac-sha512