Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
|
search
Plugin Hub
github-edit-pageEdit this page
report-issueReport an issue
header icon

Moesif API Monetization and Analytics

By Moesif

This plugin allows you to understand customer API usage and monetize your APIs with usage-based billing by logging API traffic to Moesif API Monetization and Analytics. Moesif enables you to:

This plugin supports automatic analysis of high-volume REST, GraphQL, XML/SOAP, and other APIs without adding latency.

How it works

This plugin logs API traffic to Moesif API Analytics and Monetization. It batches data and leverages an asynchronous design to ensure no latency is added to your API.

Package on Luarocks

Moesif natively supports REST, GraphQL, Web3, SOAP, JSON-RPC, and more. Moesif is SOC 2 Type 2 compliant and has features like client-side encryption so data stays private to your organization.

How to install

If you are using Kong’s Kubernetes ingress controller, the installation is slightly different. Review the docs for the Kong Ingress Controller.

The .rock file is a self-contained package that can be installed locally or from a remote server.

If the LuaRocks utility is installed in your system (this is likely the case if you used one of the official installation packages), you can install the ‘rock’ in your LuaRocks tree (a directory in which LuaRocks installs Lua modules).

Install the Moesif plugin

luarocks install --server=http://luarocks.org/manifests/moesif kong-plugin-moesif

Update your loaded plugins list

In your kong.conf, append moesif to the plugins field (or custom_plugins if old version of Kong). Make sure the field is not commented out.

plugins = bundled,moesif         # Comma-separated list of plugins this node
                                 # should load. By default, only plugins
                                 # bundled in official distributions are
                                 # loaded via the `bundled` keyword.

If you don’t have a kong.conf, create one from the default using the following command: cp /etc/kong/kong.conf.default /etc/kong/kong.conf

Restart Kong

After LuaRocks is installed, restart Kong before enabling the plugin

kong restart

Enable the Moesif plugin

curl -i -X POST --url http://localhost:8001/plugins/ --data "name=moesif" --data "config.application_id=YOUR_APPLICATION_ID";

Restart Kong again

If you don’t see any logs in Moesif, you may need to restart Kong again.

kong restart

Updating plugin configuration

View upgrade steps in the Moesif docs.

Identifying users

This plugin automatically identifies API users so you can associate a user’s API traffic to user data and other app analytics. The default algorithm covers most authorization designs and works as follows, in this order of precedence:

  1. If the config.user_id_header option is set, read the value from the specified HTTP header key config.user_id_header.
  2. Else, if Kong has a value defined for x-consumer-custom-id, x-consumer-username, or x-consumer-id (in that order), use that value.
  3. Else, if an authorization token is present in config.authorization_header_name, parse the user ID from the token as follows:
    • If header contains Bearer, base64 decode the string and use the value defined by config.authorization_user_id_field (default value is sub).
    • If header contains Basic, base64 decode the string and use the username portion (before the : character).

For advanced configurations, you can define a custom header containing the user id via config.user_id_header or override the options config.authorization_header_name and config.authorization_user_id_field.

Identifying companies

You can associate API users to companies for tracking account-level usage similar to user-level usage. This can be done in one of the following ways, by order of precedence:

  1. Define config.company_id_header. Moesif will use the value present in that header.
  2. Use the Moesif update user API to set a company_id for a user. Moesif will associate the API calls automatically.
  3. Else if an authorization token is present in config.authorization_header_name, parse the company ID from the token as follows:
    • If header contains Bearer, base64 decode the string and use the value defined by config.authorization_company_id_field (default value is null).

More info on identifying customers

Troubleshooting

View troubleshooting Moesif docs for troubleshooting steps.