Configuration

configobject
Hide Child Parameters
anonymousstring

An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request will fail with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

hide_credentialsboolean

An optional boolean value telling the plugin to show or hide the credential from the upstream service. If true, the plugin strips the credential from the request (i.e., the header, query string, or request body containing the key) before proxying it.

Default:false

key_in_bodyboolean

If enabled, the plugin reads the request body (if said request has one and its MIME type is supported) and tries to find the key in it. Supported MIME types: application/www-form-urlencoded, application/json, and multipart/form-data.

Default:false

key_in_headerboolean

If enabled (default), the plugin reads the request header and tries to find the key in it.

Default:true

key_in_queryboolean

If enabled (default), the plugin reads the query parameter in the request and tries to find the key in it.

Default:true

key_namesarray[string]

A string representing an HTTP header name.

Default:apikey

realmstring

When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.

run_on_preflightboolean

A boolean value that indicates whether the plugin should run (and try to authenticate) on OPTIONS preflight requests. If set to false, then OPTIONS requests are always allowed.

Default:true

protocolsarray[string]

A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.

Allowed values:grpcgrpcshttphttpswswss

Default:grpc, grpcs, http, https, ws, wss

routeobject

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

* Additional properties are NOT allowed.
Hide Child Parameters
idstring
serviceobject

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

* Additional properties are NOT allowed.
Hide Child Parameters
idstring

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!