Advanced Kong Integration

This guide explains the creation of a "loop-back" API inside Kong to expose your Admin API to Gelato in a secure manner.

If you just want to integrate Gelato with Kong, you should check out the Using Gelato with Kong Guide instead.

If you're interested in exactly what the Gelato/Kong shell script is doing, read on!

Step 1: Create the "loop-back" API

To start with, we'll use curl to create a "loop-back" API - that is, we'll point the upstream_url for our API back at http://localhost:8001 (the default address for the Kong Admin API)

curl -X POST http://localhost:8001/apis \
  -d "name=admin-loop-back" \
  -d "request_path=/admin-loop-back" \
  -d "upstream_url=http://localhost:8001" \
  -d  "strip_request_path=true"

This command creates the new API by POSTing to the /apis endpoint of the Admin API. We're telling Kong to proxy any requests to /admin-loop-back through to http://localhost:8000, and we're also telling to strip the request path (otherwise all the requests that Kong recieves would be prefixed by /admin-loop-back).

Step 2: Add API Key Authentication

curl -X POST http://localhost:8001/apis/admin-loop-back/plugins \
  -d "name=key-auth"

Does what it says on the tin - we definitely want our new API to be protected, so we're enabling the key-auth plugin.

Step 3: Create a Consumer

curl -X POST http://localhost:8001/consumers \
  -d "username=loop-back-consumer"

This POST request creates a Kong API consumer - this is so we can create API credentials and access our API!

Step 4: Create an API Key for our Consumer

curl -X POST http://localhost:8001/consumers/loop-back-consumer/key-auth -d ""

This will generate a new API key for our user (if you want a specific key, you can specify it with the -d key=YOUR_KEY_HERE option).

Save the API Key that was just printed out, you'll need it to access your new API!

Step 5: Access our Loop Back API!

Now we can curl our loop-back API with our new API Key:

curl -X GET -H "apikey:API_KEY_FROM_STEP_4" http://localhost:8000/admin-loop-back

You should see the "Welcome to Kong" response. Congratulations, you've created a loop-back API.

Why?

So why is this useful? Well, in short, it means you can now access the Kong Admin API from outside the server, and integrate it with other services (like, say, Gelato!)

So if your Kong server is accessible at https://myawesomekongapi.com, the above command could equally be:

curl -X GET -H "apikey:API_KEY_FROM_STEP_4" https://myawesomekongapi.com/admin-loop-back

And you could run that from anything with a connection to the internet - your laptop, your phone, maybe even your watch! :watch: