API Key Authentication
Authenticate requests with Zuplo's fully managed API Key service. This policy is the easiest way to secure your API and can be combined with other policies like Rate limiting, quotas, and more to build a fully featured API to support your partners, developers, or customers.
For more information on Zuplo's API Key Management service and options enabling self-serve API Key management see the following resources:
The configuration shows how to configure the policy in the 'policies.json' document.
Using the Policy
Adding API Key authentication to your Zuplo API takes only a few minutes. This document shows you how to add the policy to your routes, create an API key, and make a request using the API Key.
Add the API Key Policy
The first step to setting up API Key authentication is to add the API Authentication policy to a route in your project.
In the Zuplo Portal open the Route Designer in the Files tab then click routes.oas.json.
Select or create a route that you want to authenticate with API Keys. Expand the Policies section and click Add Policy. Search for and select the Auth0 JWT Auth policy.
With the policy selected, you will see the configuration and information about the options. For this tutorial just leave the options as they are and click OK to save the policy.
Create an API Key
In order to make a request to the route, you'll need an API Key.
In the Zuplo Portal open the API Key Consumers section in the Settings tab.
Click the button Add New Consumer.
In the form that appears, enter a value for the Subject such as
my-test. You can leave the other fields empty. Click OK to create the consumer.
- Now you can see the newly created consumer and its default API key. Select the Copy button to copy the API Key. You will use this value in the next section.
Test the Policy
Finally, you'll make two API requests to your route to test that authentication is working as expected.
In the route designer on the route you added the policy, click the Test button. In the dialog that opens, click Test to make a request.
The API Gateway should respond with a 401 Unauthorized response.
- Now to make an authenticated request, add a header to the request called
Authorization. Set the value of the header to
YOUR_API_KEYwith the value of the API Key you copied in the previous section.
- Click the Test button and a 200 OK response should be returned.
You have now setup API Key Authentication on your API Gateway.
See this document for more information about API Keys and API Key Management with Zuplo.
Writing Tests with the Auth Policy
For information on running tests while using API Key Authentication see the document Testing API Key Authentication.
Read more about how policies work