Authentication
While APIs exists to primarily exchange data between providers/businesses and consumers, not all data should be accessible to API consumers, especially business internal data and sensitive Personal Identifiable Information(PII), subject to data protection and compliance policies set by regulatory bodies like General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS).
This tutorial uses the basic-auth
plugin to authenticate its API consumers and grant them access to different endpoints.
Prerequisite(s)
- Access to the Stargate GUI
- A configured route. Follow these steps to configure a route.
Step 1: Enable basic-auth Authentication
The basic-auth
plugin lets API consumers to authenticate and access an API endpoint with a username and password.
You can enable this plugin by enabling it during route configuration. Thus, consumers without auth details are denied access.
Step 2: Create consumers
pCDN consumers consume the APIs coming through the distributed pCDN gateway, and authenticating these users helps secure the access and consumption of your APIs.
For this, guide, we'll create two different users, with access to /user-data
, /home
, /cart
and /email
endpoints.
Follow these steps to create the consumers with basic-auth details:
- Navigate to Consumer from your Stargate dashboard.
- Click +Create
- Enter a name and description(optional) for your first consumer. Click Next
- Under plugin, click Enable from the basic-auth card under the Authentication section. This opens the Plugin Editor.
- Enter a username and password for the user.
- Click Next. Review your configurations from steps 3-5.
- Click Submit
Repeat steps 3-5, but with a different name and password for users b.