A consumer typically refers to an entity that consumes or uses the APIs managed by Kong Gateway. Consumers can be applications, services, or users who interact with your APIs. Since they are not always human, Kong Gateway calls them consumers, because they “consume” the service. Kong Gateway allows you to define and manage consumers, apply access control policies, and monitor their API usage.
Consumers are essential for controlling access to your APIs, tracking usage, and ensuring security. They are identified by key authentication, OAuth, or other authentication and authorization mechanisms. For example, adding a Basic Auth plugin to a service or route allows it to identify a consumer, or block access if credentials are invalid.
You can choose to use Kong Gateway as the primary datastore for consumers, or you can map the consumer list to an existing database to keep consistency between Kong Gateway and your existing primary datastore.
By attaching a plugin directly to a consumer, you can manage specific controls at the consumer level, such as rate limits.
flowchart LR A(Consumer entity) B(Auth plugin) C[Upstream service] Client --> A subgraph id1[Kong Gateway] direction LR A--Credentials-->B end B-->C