Skip to content

Key authentication

This page explains how to create and use API keys using Traefik Hub as an IdP to authenticate API requests.

Introduction

Key authentication for APIs is a method that utilizes unique keys to authenticate and authorize access to APIs.

API consumers can generate API keys in the Traefik Hub Portal or use JWT (JSON Web Token) to authorize.

This walk-through uses the default Traefik Hub configuration.
API keys are managed via the API Portal and stored in Traefik Hub.

Before you begin

Before getting started, please make sure to check our APIAccess CRD and our tutorial about user management.

Set up keys

In Traefik Hub, you configure API keys for authentication through API Portals.

The tokens are tied to the user.
If you add a key on one Portal, it will appear on other Portals, even on other agents.

First log into an API Portal and select Settings in the left bottom corner.

Select Settings

Select Settings

In the second step, select Create token to generate a new key.

Custom API Portal

Select Create token

Enter a name for the token and select Create.

Select Create

Enter a name and select Create

In the next step, save the token and after saving, select Ok, got it.

Copy and save the token

Copy and save the token

Your new key is created and displayed in the overview page.

Token overview

Key overview

Swagger UI

First, choose the API you want to use, this example uses the Flight API.
Select the Authorize button on the right.

To enable authorization, choose the authorization type for the API and add your API key.

  • Bearer token: The API key is included in the request header
  • API key: You send the key-value pair to the API as query parameter

Select Authorize

Select Authorize

Second, add your bearer token or API key to the apiKey field and select Save.
As the last step, select Close.

Bearer token

Add the key

Add the API key

API key

Add the key

Add the API key

Congratulations, now you're ready to send requests!

To send requests using the Swagger UI, choose an API endpoint and select Try it out.

Select Try it out

Select Try it out

Select Execute to send requests.

Send requests through the Swagger UI

Send requests through the Swagger UI

CLI

The following examples show how to use curl and HTTPIe to send API requests using an API key for authentication.

Field Description
$PORTAL-URL The base URL of your Portal, for example api.example.com.
$API-KEY The API key of the consumer

Curl

curl -X 'GET' \
  'https://$GATEWAY-URL/flights/flights' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer XXXX'
[
  {
    "id": 1,
    "code": "TL123",
    "src": "JFK",
    "dest": "CDG"
  },
  {
    "id": 2,
    "code": "TL234",
    "src": "CDG",
    "dest": "JFK"
  },
  {
    "id": 3,
    "code": "TL345",
    "src": "CDG",
    "dest": "LYS"
  }
]
curl -X 'GET' \
  'https://$PORTAL_URL/flights/flights?limit=1&api_key=$API-KEY' \
  -H 'accept: application/json'
[
  {
    "id": 1,
    "code": "TL123",
    "src": "JFK",
    "dest": "CDG"
  },
  {
    "id": 2,
    "code": "TL234",
    "src": "CDG",
    "dest": "JFK"
  },
  {
    "id": 3,
    "code": "TL345",
    "src": "CDG",
    "dest": "LYS"
  }
]

What's next