Skip to main content
Version: 13.x (Current)

Use static API Keys

The simplest authentication method you can implement with Mia-Platform is using the API Keys offered by our API Gateway (both Nginx or Envoy).

danger

The authentication method suggested in this scenario is straightforward but comes with a lower level of security. Therefore, we recommend using it only in use cases where APIs are not exposed on the public internet or in situations where security is not a critical aspect of the project (e.g., MVPs, internal projects, etc.).

Definition

You can define a static client key for each client that needs to consume the APIs of your project. You can then decide which client has access to which APIs by configuring the correct group expression in the Endpoints section.

Scenario1

The involved microservice of the flow are:

  1. API Gateway: Mia-Platform plugin available in Nginx or Envoy
  2. Authorization Service: Mia-Platform plugin
  3. The microservice connected to the endpoint

The picture above illustrates the three steps of the auth flow:

  1. The client sends their HTTP request to the endpoint of your project, placing their own API key in the client-key header (or in the mia_client_key cookie).
  2. The API gateway resolves the client type from the client-key header. Then, it calls the Authorization Service which is in charge to verify if the resolved client type has access to the requested endpoint.
  3. If the client type verification performed by the authentication service is successful, the API Gateway forwards the API call the right microservice of the project.

Tutorial steps

note

We suppose that you have already created an API Gateway in your project and you already have some endpoints you want to secure.

In order to implement the flow depicted above, you can perform the following steps on Mia-Platform Console:

  1. For each of the client that need to consume your HTTP APIs, create an API key:
    • Click on API Key
    • Click on Add new
    • Either manually create a key or generate a random one
    • Choose a meaningful name for your client and insert it in the ClientType textbox
    • Check the Active checkbox
    • Click on Create
  2. Secure the endpoints
    • Select the endpoint you want to secure in the Endpoints section
    • Check the box API Key required in the Security tab

Once you deploy the above configuration, your clients will be able to call the protected endpoint only by providing one of the configured API keys either in the client-key HTTP header or in the mia_client_key HTTP cookie.

Furthermore, you could need to have a more fine-grained authorization to your endpoint. For example, suppose to have three different clients of your project: A, B and C but you only want A and B to access your endpoint. In this case, you need to:

  1. Create the Authorization Service plugin from Marketplace
    • Click on Microservices
    • Click on Create a Microservice and select From Markeplace
    • Search authorization in the search bar
    • Select Authorization Service
    • Click on Create
  2. Secure the endpoint
    • Select the endpoint you want to secure in the Endpoints section
    • Use the User Group Permission textbox to choose which client type is authorized. For the example above you should insert:
      clientType === 'A' || clientType === 'B'