Configuring Kong Konnect
Setup the Gateway
The Moesif Developer Portal can be used with a running instance of Kong. To integrate Moesif and Kong, you can follow our guide that covers integrating Moesif and Kong in detail. Alternatively, you can also check out our integration documentation for Kong if you’re already an experienced Kong user. Once you have the integration set, you’ll be able to complete the rest of the Kong setup for the Developer Portal.
Configure the Gateway
Creating an Endpoint in Kong Manager
In order to use the developer portal to monetize your APIs, you’ll require an endpoint in Kong. If you already have an endpoint created, you can use this existing endpoint.
If you are using Kong Manager, you can create the endpoint by clicking Services in the left-side menu, under the API Gateway section. On the Services page, click the New Service button in the top-right corner to add a new service.
On the Create Service page, You will need to fill out the Name and, after selecting the Add using URL option, the URL field. For this example, you can fill them out with the following values:
Field | Value |
---|---|
Name | HttpBin |
URL | https://www.httpbin.org |
Once populated, click Create to create the service. After this, you’ll see your new services viewing page.
Next, we will create a route that will expose this service. To do this, click on Routes in the left-side menu, which is also under the API Gateway section.
On the Routes page, click on the Create Route button in the top-right corner of the screen to add the new route. On the Create Route screen, you’ll have a few values to fill out including the Service, Name, Protocols, Method(s), and Path(s) fields on the screen. For this example, you can fill out these fields with the following values:
Field | Value |
---|---|
Service | The service you just created, HttpBin |
Name | TestService |
Protocols | http, https |
Method(s) | GET |
Path(s) | /test-service |
Once populated, click Create to create the route. After this, you’ll see your new routes viewing page. With the endpoint creation complete, we can now move on to testing it to ensure it is configured correctly.
Testing the Endpoint
To test your newly created endpoint, you’ll want to use a tool like Postman or Insomnia. Alternatively, you could also just use a browser at this point too. In your tool, add your endpoint URL which will look like {KONG_URL}:PORT/test-service/
and send a GET request. If you are running Kong in Docker and have set up the endpoint as shown above, your URL will look like localhost:8000/test-service/
.
After the request has been sent, you should see a 200 OK
response as well as a response body containing the HttpBin contents (essentially a webpage). With our endpoint working, now let’s move on to securing it with an API key.
Configure Gateway Authentication
Adding Key Auth to All Endpoints
Since the Developer Portal generates API keys, is you must add and enable the Key-Auth plugin to our Kong endpoint. For simplicity, you can enable this plugin globally. If only you want to only apply Key-Auth to specific/monetized routes, you can do that as well.
In the Kong Manager Dashboard, you can add the plugin by clicking Plugins in the left-side menu, under the API Gateway section. On the Plugins page, you’ll click the New Plugin button to add a new plugin. On the Add New Plugin screen, you’ll find the Key-Authentication plugin by scrolling or searching, once found, click Enable.
On the Create new key-auth plugin screen, you’ll want to make sure that the This plugin is Enabled toggle is set to on
, the Global radio button is selected, and that Config.Key Names field is set to apikey
. By setting this to apikey
we can pass a field of the same name in the header and include our API key as the value.
Lastly, to save our plugin configuration, scroll down to the bottom of the screen and click Create. Now, our endpoint will be secured by the kay-auth plugin. To test it out, resend the request from earlier and you should get a 401 Unauthorized
response, and a message body stating No API key found in request
. If you are not getting this response, please refer to the Kong documentation for key-auth.
Configure the Developer Portal
Configuring the .env File
In the my-dev-portal-api
project, for the KONG_URL
, you’ll need to add in the URL of your Kong instance. Specifically the Kong admin API URL/port, not the gateway URL/port where traffic is proxied. If you’re running a local instance of Kong, by default this will be running on http://localhost:8001
. If this is the case, you can leave the value as is. If it is different or running remotely, you can change the value to point to the correct URL/port.
Kong Konnect
For Kong Konnect, the setup also requires you to add a few additional environment variables to the my-dev-portal-api/.env
file. You’ll want to add in the following key-values to the file:
KONNECT_API_URL="https://us.api.konghq.com"
KONNECT_API_VERSION="v2"
KONNECT_RUNTIME_GROUP_NAME="default"
KONNECT_PAT=""
for the KONNECT_API_URL
and KONNECT_API_VERSION
values, you’ll want to log into your Kong Konnect control plane and retrieve this. You can get this value by going to the Gateway Manager screen and selecting your control plane. In the next screen, you can grab the Admin API value (located in near the top of the screen) and truncate anything we don’t need.
The raw value will look like this: https://us.api.konghq.com/v2/control-planes/123-asd-etc
From this, we can populate our values like so:
KONNECT_API_URL="https://us.api.konghq.com"
KONNECT_API_VERSION="v2"
For the KONNECT_RUNTIME_GROUP_NAME
, you’ll use your Control Plane name. By default, this will be fittingly named default
.
KONNECT_RUNTIME_GROUP_NAME="default"
Lastly, we will generate a Konnect Personal Access Token. This can be done through the Konnect UI by going to your initials in the top-right of the screen and from the dropdown, selecting Personal Access Tokens.
From here, click Generate Token, give the token a Name and Expiration, then click Generate. Paste the returned value into the KONNECT_PAT
value.
KONNECT_PAT="kpat_FIZqQxICG6aEpA10nQ1TesTtEStTEST"
Connecting Kong to Moesif
The Moesif-Kong plugin makes it easy to get API call analytics funneled into Moesif. For instructions on how to do this, you can reference our integration documentation or a more in-depth step-by-step approach in our integration guide.
Once the Moesif-Kong integration and key-auth is been enabled, you should begin to see some API call metrics flowing into Moesif. You may also want to ensure that API calls are being blocked by the key-auth plugin in Kong for unauthenticated calls. When unauthorized calls are sent to Kong, the 401 Unauthorized
responses should also show up in Moesif.
Testing the Developer Portal
Once the Developer portal is configured, testing out all of the moving parts of the Developer Portal is crucial. Doing this ensures that everything is working as intended. See our detailed testing process here.