Authentication

What is authentication?

Authentication is the process of verifying that a requester has permission to access a resource. As its name implies, API gateway authentication controls the flow of data between clients and the gateway.

With Kong Gateway controlling authentication, requests won’t reach upstream services unless the client has successfully authenticated. This means upstream services process pre-authorized requests, freeing them from the cost of authentication, which saves compute time and development effort.

Kong Gateway has a library of plugins that support the most widely used methods of API gateway authentication.

Basic Authentication

Basic authentication is a simple authentication method that uses a base64-encoded username and password combination as the token.

Key Authentication

Key authentication generates an API key for a consumer, which can be passed in an apikey header to access services and routes.
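
As an added illustration (not taken from the Kong documentation), the following declarative configuration enables the key-auth plugin on one service and gives one consumer a key. The service, route and consumer names, the upstream URL and the key value are placeholders.

```yaml
# Added example: Kong declarative configuration (DB-less / decK style).
# All names, the upstream URL and the key value are placeholders.
_format_version: "3.0"

services:
  - name: orders-service              # hypothetical upstream service
    url: http://orders.internal:8080
    routes:
      - name: orders-route
        paths:
          - /orders
    plugins:
      - name: key-auth
        config:
          key_names:
            - apikey                  # header name the client must send
          key_in_header: true
          key_in_query: false         # keep keys out of URLs and access logs
          key_in_body: false
          hide_credentials: true      # strip the key before proxying upstream

consumers:
  - username: example-consumer        # hypothetical consumer
    keyauth_credentials:
      - key: REPLACE_WITH_RANDOM_KEY  # placeholder, never commit a real key
```

With this in place, a request to /orders that lacks a valid apikey header is rejected at the gateway and is not forwarded to the upstream service.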

Open-source plugin:

Advanced Enterprise plugin with enhanced capabilities:

LDAP Authentication

LDAP is a protocol that uses a directory to check credentials provided by a client.

Open-source plugin:

Advanced Enterprise plugin with enhanced capabilities:

OAuth 2.0 Authentication

OAuth 2.0 is a protocol that relies on an application to authorize access to services and routes.

OpenID Connect Authentication

OpenID Connect (OIDC) is an authentication protocol based on OAuth 2.0. It works with identity providers to verify a user’s identity without storing credentials.

SAML Authentication

SAML is a standard used to exchange authentication and authorization information between an identity provider and a service provider.

Why is authentication important?

With Kong Gateway controlling authentication, requests won’t reach upstream services unless the client has successfully authenticated. This means upstream services process pre-authorized requests, freeing them from the cost of authentication, which saves compute time and development effort.

Kong Gateway has visibility into all authentication attempts, which provides the ability to build monitoring and alerting capabilities supporting service availability and compliance.

For more information, see What is API Gateway Authentication.
