Configuration
This plugin is partially compatible with DB-less mode.
Consumers and Credentials can be created with declarative configuration.
Admin API endpoints that do POST, PUT, PATCH or DELETE on Credentials will not work on DB-less mode.
Compatible protocols
The HMAC Auth plugin is compatible with the following protocols:
grpc
, grpcs
, http
, https
, ws
, wss
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
name
string requiredThe name of the plugin, in this case
hmac-auth
. -
instance_name
stringAn optional custom name to identify an instance of the plugin, for example
hmac-auth_my-service
. Useful when running the same plugin in multiple contexts, for example, on multiple services. -
service.name or service.id
stringThe name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/plugins
endpoint. Not required if using/services/SERVICE_NAME|ID/plugins
. -
route.name or route.id
stringThe name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/plugins
endpoint. Not required if using/routes/ROUTE_NAME|ID/plugins
. -
enabled
boolean default:true
Whether this plugin will be applied.
-
config
record required-
hide_credentials
boolean required default:false
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
-
clock_skew
number default:300
Clock skew in seconds to prevent replay attacks.
-
anonymous
stringAn optional string (Consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
-
validate_request_body
boolean required default:false
A boolean value telling the plugin to enable body validation.
-
enforce_headers
array of typestring
A list of headers that the client should at least use for HTTP signature creation.
-
algorithms
array of typestring
default:hmac-sha1, hmac-sha256, hmac-sha384, hmac-sha512
Must be one of:hmac-sha1
,hmac-sha256
,hmac-sha384
,hmac-sha512
A list of HMAC digest algorithms that the user wants to support. Allowed values are
hmac-sha1
,hmac-sha256
,hmac-sha384
, andhmac-sha512
-