Contact 3rd party for support: This plugin is developed, tested, and maintained by Moesif
This plugin allows you to understand customer API usage and monetize your APIs with usage-based billing by logging API traffic to Moesif API Monetization and Analytics. Moesif enables you to:
- Analyze customer API usage
- Get alerted of issues
- Monetize APIs with usage-based billing
- Enforce quotas and contract terms
- Guide users
This plugin supports automatic analysis of high-volume REST, GraphQL, XML/SOAP, and other APIs without adding latency.
How it works
This plugin logs API traffic to Moesif API Analytics and Monetization. It batches data and leverages an asynchronous design to ensure no latency is added to your API.
Moesif natively supports REST, GraphQL, Web3, SOAP, JSON-RPC, and more. Moesif is SOC 2 Type 2 compliant and has features like client-side encryption so data stays private to your organization.
How to install
If you are using Kong’s Kubernetes ingress controller, the installation is slightly different. Review the docs for the Kong Ingress Controller.
The .rock
file is a self-contained package that can be installed locally or from a remote server.
If the LuaRocks utility is installed in your system (this is likely the case if you used one of the official installation packages), you can install the ‘rock’ in your LuaRocks tree (a directory in which LuaRocks installs Lua modules).
Install the Moesif plugin
luarocks install --server=http://luarocks.org/manifests/moesif kong-plugin-moesif
Update your loaded plugins list
In your kong.conf
, append moesif
to the plugins
field (or custom_plugins
if old version of Kong). Make sure the field is not commented out.
plugins = bundled,moesif # Comma-separated list of plugins this node
# should load. By default, only plugins
# bundled in official distributions are
# loaded via the `bundled` keyword.
If you don’t have a kong.conf
, create one from the default using the following command:
cp /etc/kong/kong.conf.default /etc/kong/kong.conf
Restart Kong
After LuaRocks is installed, restart Kong before enabling the plugin
kong restart
Enable the Moesif plugin
curl -i -X POST --url http://localhost:8001/plugins/ --data "name=moesif" --data "config.application_id=YOUR_APPLICATION_ID";
Restart Kong again
If you don’t see any logs in Moesif, you may need to restart Kong again.
kong restart
Updating plugin configuration
View upgrade steps in the Moesif docs.
Identifying users
This plugin automatically identifies API users so you can associate a user’s API traffic to user data and other app analytics. The default algorithm covers most authorization designs and works as follows, in this order of precedence:
- If the
config.user_id_header
option is set, read the value from the specified HTTP header keyconfig.user_id_header
. - Else, if Kong has a value defined for
x-consumer-custom-id
,x-consumer-username
, orx-consumer-id
(in that order), use that value. - Else, if an authorization token is present in
config.authorization_header_name
, parse the user ID from the token as follows:- If header contains
Bearer
, base64 decode the string and use the value defined byconfig.authorization_user_id_field
(default value issub
). - If header contains
Basic
, base64 decode the string and use the username portion (before the:
character).
- If header contains
For advanced configurations, you can define a custom header containing the user id via config.user_id_header
or override the options config.authorization_header_name
and config.authorization_user_id_field
.
Identifying companies
You can associate API users to companies for tracking account-level usage similar to user-level usage. This can be done in one of the following ways, by order of precedence:
- Define
config.company_id_header
. Moesif will use the value present in that header. - Use the Moesif update user API to set a
company_id
for a user. Moesif will associate the API calls automatically. - Else if an authorization token is present in
config.authorization_header_name
, parse the company ID from the token as follows:- If header contains
Bearer
, base64 decode the string and use the value defined byconfig.authorization_company_id_field
(default value isnull
).
- If header contains
More info on identifying customers
Troubleshooting
View troubleshooting Moesif docs for troubleshooting steps.