{"id":38484,"date":"2016-07-29T09:42:49","date_gmt":"2016-07-29T04:12:49","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=38484"},"modified":"2016-07-29T11:58:51","modified_gmt":"2016-07-29T06:28:51","slug":"getting-started-with-application-authentication-via-kong-api-gateway","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/getting-started-with-application-authentication-via-kong-api-gateway\/","title":{"rendered":"Getting Started With Application Authentication Via Kong API Gateway"},"content":{"rendered":"

 <\/p>\n

\"kong2\"<\/p>\n

Kong is an open-source, customizable, Nginx-based and scalable API middleware (API Gateway).Kong can be configured in front of any RESTful API and let the developers concentrate more on implementing business logic without caring about functionalities like authentication mechanism, rate limiting, logging, \u00a0internal communications between APIs, carrying out communication with public entities and other organizations.\u00a0It’s like a security layer \u00a0which sits in front of your application and enhances it’s performance.Kong provides full control over architecture and it’s currently used by many organizations including small and large ones.We can add many functionalities to Kong via plugins and it is easily customizable.<\/span><\/p>\n

Once you integrate Kong within your architecture, you will have full control over Kong\u2019s data.It’s built on Nginx and uses the robust database like Apache Cassandra and PostgreSQL.It also provides Admin interface to manage your APIs.You can make Kong scale as per your requirements in which stateless Kong servers talks to the single Cassandra or PostgreSQL database and act in the same manner.The client applications talks to Kong and then Kong acts as a\u00a0reverse proxy and routes the requests to the applications on the basis of managed plugins in Kong.<\/span><\/p>\n

\"kong1\"<\/p>\n

Below is an illustration of integrating a RESTful API with Kong:
\nRequirements:
\n<\/strong>OS: ubuntu 14.04
\nkong version: 0.8.3
\nSingle Node Cassandra Database version: 2.2.7<\/p>\n

Note:\u00a0<\/strong>Kong, by default, listens to API Requests on port 8000 and it’s RESTful admin interface runs on port 8001.<\/p>\n

Step 1: Adding an API to Kong:<\/b><\/p>\n

[js]curl -i -X POST \\
\n –url http:\/\/localhost:8001\/apis\/ \\
\n –data ‘name=app’ \\
\n –data ‘upstream_url=http:\/\/xxxxxxxxxx.com\/’ \\
\n –data ‘request_host=xxxxxxxxxx.com’
\n[\/js]<\/p>\n

HTTP\/1.1 201 Created
\nDate: Thu, 28 Jul 2016 03:33:39 GMT
\nContent-Type: application\/json; charset=utf-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nAccess-Control-Allow-Origin: *
\nServer: kong\/0.8.3<\/p>\n

{“upstream_url”:”http:\\\/\\\/xxxxxxxxxx.com\\\/”,”strip_request_path”:false,”id”:”f4cf8a4e-88fd-49f1-85d2-1dbaae256547″,”created_at”:1469676819000,”preserve_host”:false,”name”:”app”,”request_host”:”xxxxxxxxxx.com”}<\/p>\n

Step 2: Accessing API via Kong:<\/b><\/p>\n

[js]curl -i -X GET –url http:\/\/localhost:8000\/heartbeat –header ‘Host: xxxxxxxxxx.com’ [\/js]<\/p>\n

HTTP\/1.1 200 OK
\nDate: Thu, 28 Jul 2016 03:36:21 GMT
\nContent-Type: application\/json;charset=UTF-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nServer: nginx\/1.4.6 (Ubuntu)
\nAccess-Control-Allow-Origin: *
\nAccess-Control-Allow-Methods: POST, PUT, GET, OPTIONS, DELETE
\nAccess-Control-Max-Age: 3600
\nAccess-Control-Allow-Headers: Content-Type, x-requested-with, Content-Country , Content-Region, X-Auth-Token, Region, content-country, content-region, x-auth-token, region
\nX-Kong-Upstream-Latency: 9
\nX-Kong-Proxy-Latency: 0
\nVia: kong\/0.8.3<\/p>\n

{“CommitMessage”:”hooks dependency removed”,”CommitId”:”c003fe573436d3cee33c5753fd8ca7b12e08f1b8″,”mysql_status”:200,”status”:200,”home_hazelcast_status”:200,”CommitAuthor”:”yyyy “,”Version”:”qa-12.3.4″,”CommitMerge”:””,”CommitDate”:”Fri Jul 15 14:43:04 2016 +0530″}<\/p>\n

Step 3: Enabling authentication plugin in Kong:<\/b><\/p>\n

[js]curl -i -X POST \\
\n –url http:\/\/localhost:8001\/apis\/app\/plugins\/ \\
\n –data ‘name=key-auth’
\n[\/js]<\/p>\n

HTTP\/1.1 201 Created
\nDate: Thu, 28 Jul 2016 03:37:58 GMT
\nContent-Type: application\/json; charset=utf-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nAccess-Control-Allow-Origin: *
\nServer: kong\/0.8.3<\/p>\n

{“api_id”:”f4cf8a4e-88fd-49f1-85d2-1dbaae256547″,”id”:”4e951c2e-3c24-4b23-95bb-13c96769ef6f”,”created_at”:1469677078000,”enabled”:true,”name”:”key-auth”,”config”:{“key_names”:[“apikey”],”hide_credentials”:false}}<\/p>\n

Step 4: Accessing API via Kong after enabling key-auth plugin:<\/b><\/p>\n

[js]curl -i -X GET \\
\n –url http:\/\/localhost:8000\/ \\
\n –header ‘Host: xxxxxxxxxx.com’
\n[\/js]<\/p>\n

HTTP\/1.1 401 Unauthorized
\nDate: Thu, 28 Jul 2016 03:39:11 GMT
\nContent-Type: application\/json; charset=utf-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nWWW-Authenticate: Key realm=”kong”
\nServer: kong\/0.8.3<\/p>\n

{“message”:”No API Key found in headers, body or querystring”}<\/p>\n

As a result, Kong is blocking all requests without the authentication. Now, we have to add an authorized consumer to Kong to access the application.<\/p>\n

Step 5: Creating an authorized Consumer to access the API via Kong:<\/b><\/p>\n

[js]
\ncurl -i -X POST \\
\n –url http:\/\/localhost:8001\/consumers\/ \\
\n –data "username=myuser"
\n[\/js]<\/p>\n

HTTP\/1.1 201 Created
\nDate: Thu, 28 Jul 2016 03:41:40 GMT
\nContent-Type: application\/json; charset=utf-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nAccess-Control-Allow-Origin: *
\nServer: kong\/0.8.3<\/p>\n

{“username”:”myuser”,”created_at”:1469677300000,”id”:”364ae246-2965-43f5-b424-68d6b1dfe681″}<\/p>\n

Step 6: Creating an api-key for authorized Consumer:<\/b><\/p>\n

[js]curl -i -X POST \\
\n –url http:\/\/localhost:8001\/consumers\/myuser\/key-auth\/ \\
\n –data ‘key=mykey’
\n[\/js]<\/p>\n

HTTP\/1.1 201 Created
\nDate: Thu, 28 Jul 2016 03:42:52 GMT
\nContent-Type: application\/json; charset=utf-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nAccess-Control-Allow-Origin: *
\nServer: kong\/0.8.3<\/p>\n

{“key”:”mykey”,”consumer_id”:”364ae246-2965-43f5-b424-68d6b1dfe681″,”created_at”:1469677372000,”id”:”5c682d7c-8a62-473b-92a4-1127eb3a2d09″}<\/p>\n

Step 7: Validating the above set credentials for authorized Consumer:<\/b><\/p>\n

[js]curl -i -X GET \\
\n –url http:\/\/localhost:8000\/heartbeat \\
\n –header "Host: xxxxxxxxxx.com" \\
\n –header "apikey: mykey"
\n[\/js]<\/p>\n

HTTP\/1.1 200 OK
\nDate: Thu, 28 Jul 2016 03:45:07 GMT
\nContent-Type: application\/json;charset=UTF-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nServer: nginx\/1.4.6 (Ubuntu)
\nAccess-Control-Allow-Origin: *
\nAccess-Control-Allow-Methods: POST, PUT, GET, OPTIONS, DELETE
\nAccess-Control-Max-Age: 3600
\nAccess-Control-Allow-Headers: Content-Type, x-requested-with, Content-Country , Content-Region, X-Auth-Token, Region, content-country, content-region, x-auth-token, region
\nX-Kong-Upstream-Latency: 9
\nX-Kong-Proxy-Latency: 0
\nVia: kong\/0.8.3<\/p>\n

{“CommitMessage”:”hooks dependency removed”,”CommitId”:”c003fe573436d3cee33c5753fd8ca7b12e08f1b8″,”mysql_status”:200,”status”:200,”home_hazelcast_status”:200,”CommitAuthor”:”yyyy “,”Version”:”qa-12.3.4″,”CommitMerge”:””,”CommitDate”:”Fri Jul 15 14:43:04 2016 +0530″}<\/p>\n

Step 8: Kong blocking requests for unauthorized Consumer:<\/b><\/p>\n

[js]curl -i -X GET –url http:\/\/localhost:8000\/heartbeat –header "Host: xxxxxxxxxx.com" –header "apikey: mykeynew"[\/js]<\/p>\n

HTTP\/1.1 403 Forbidden
\nDate: Thu, 28 Jul 2016 03:51:14 GMT
\nContent-Type: application\/json; charset=utf-8
\nTransfer-Encoding: chunked
\nConnection: keep-alive
\nServer: kong\/0.8.3<\/p>\n

{“message”:”Invalid authentication credentials”}<\/p>\n

In this \u00a0way, we can do the API authentication via Kong keeping the backend application lightweight and focusing only on the product and Kong handling all the other services around the application.<\/span>
\n<\/span>
\n<\/span>In my next blog, I\u2019ll be demonstrating some advanced use-cases with Kong API Gateway.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

  Kong is an open-source, customizable, Nginx-based and scalable API middleware (API Gateway).Kong can be configured in front of any RESTful API and let the developers concentrate more on implementing business logic without caring about functionalities like authentication mechanism, rate limiting, logging, \u00a0internal communications between APIs, carrying out communication with public entities and other organizations.\u00a0It’s […]<\/p>\n","protected":false},"author":170,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":90},"categories":[1174,2348,7,1],"tags":[3817,3820,3824,3819,3816,3822,3821,3823,3818],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/38484"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/170"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=38484"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/38484\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=38484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=38484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=38484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}