Skip to main content

Authentication

While APIs exists to primarily exchange data between providers/businesses and consumers, not all data should be accessible to API consumers, especially business internal data and sensitive Personal Identifiable Information(PII), subject to data protection and compliance policies set by regulatory bodies like General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS).

This tutorial uses the basic-auth plugin to authenticate its API consumers and grant them access to different endpoints.

Prerequisite(s)

Step 1: Enable basic-auth Authentication

The basic-auth plugin lets API consumers to authenticate and access an API endpoint with a username and password.

You can enable this plugin by enabling it during route configuration. Thus, consumers without auth details are denied access.

Step 2: Create consumers

pCDN consumers consume the APIs coming through the distributed pCDN gateway, and authenticating these users helps secure the access and consumption of your APIs.

For this, guide, we'll create two different users, with access to /user-data, /home, /cart and /email endpoints.

Follow these steps to create the consumers with basic-auth details:

  1. Navigate to Consumer from your Stargate dashboard.
  2. Click +Create
  3. Enter a name and description(optional) for your first consumer. Click Next
  4. Under plugin, click Enable from the basic-auth card under the Authentication section. This opens the Plugin Editor.
  5. Enter a username and password for the user.
  6. Click Next. Review your configurations from steps 3-5.
  7. Click Submit

Repeat steps 3-5, but with a different name and password for users b.