Advanced Kong Integration
This guide explains the creation of a "loop-back" API inside Kong to expose your Admin API to Gelato in a secure manner.
If you just want to integrate Gelato with Kong, you should check out the Using Gelato with Kong Guide instead.
If you're interested in exactly what the Gelato/Kong shell script is doing, read on!
Step 1: Create the "loop-back" API
To start with, we'll use
curl to create a "loop-back" API - that is, we'll point the
upstream_url for our API back at
http://localhost:8001 (the default address for the Kong Admin API)
curl -X POST http://localhost:8001/apis \ -d "name=admin-loop-back" \ -d "request_path=/admin-loop-back" \ -d "upstream_url=http://localhost:8001" \ -d "strip_request_path=true"
This command creates the new API by
POSTing to the
/apis endpoint of the Admin API. We're telling Kong to proxy any requests to
/admin-loop-back through to
http://localhost:8000, and we're also telling to strip the request path (otherwise all the requests that Kong recieves would be prefixed by
Step 2: Add API Key Authentication
curl -X POST http://localhost:8001/apis/admin-loop-back/plugins \ -d "name=key-auth"
Does what it says on the tin - we definitely want our new API to be protected, so we're enabling the
Step 3: Create a Consumer
curl -X POST http://localhost:8001/consumers \ -d "username=loop-back-consumer"
This POST request creates a Kong API consumer - this is so we can create API credentials and access our API!
Step 4: Create an API Key for our Consumer
curl -X POST http://localhost:8001/consumers/loop-back-consumer/key-auth -d ""
This will generate a new API key for our user (if you want a specific key, you can specify it with the
-d key=YOUR_KEY_HERE option).
Save the API Key that was just printed out, you'll need it to access your new API!
Step 5: Access our Loop Back API!
Now we can
curl our loop-back API with our new API Key:
curl -X GET -H "apikey:API_KEY_FROM_STEP_4" http://localhost:8000/admin-loop-back
You should see the "Welcome to Kong" response. Congratulations, you've created a loop-back API.
So why is this useful? Well, in short, it means you can now access the Kong Admin API from outside the server, and integrate it with other services (like, say, Gelato!)
So if your Kong server is accessible at
https://myawesomekongapi.com, the above command could equally be:
curl -X GET -H "apikey:API_KEY_FROM_STEP_4" https://myawesomekongapi.com/admin-loop-back
And you could run that from anything with a connection to the internet - your laptop, your phone, maybe even your watch!