API Gateway using Kong: HMAC Authentication

qomarullah
Oct 20, 2019

Testing api gateway

Why Kong API Gateway?

https://konghq.com/kong

1. Supports Community and Enterprise editions
2. Supports on-premise deployment
3. Runs on top of Nginx
4. Supports auth, security, traffic control, and logging
5. Supports custom plugins
6. Supports API management (custom CMS)
7. Complete, ready, and easy to manage with the community version

Web Manager with Konga

https://github.com/pantsel/konga

Set Up an API in Three Steps

1. Create a service and assign a route (endpoint)

2. Apply plugins to the service:
- auth: Basic Auth (username, password)
- security: ACL for a specific consumer group, IP restriction
- traffic control: rate limit
- logging

3. Create a consumer
- apply a group for the ACL
- apply security (basic auth)

1. Create Service and assign route

2. Apply Plugin: Basic Auth, ACL (consumer, IP), Traffic Control (rate limit), Logging

3. Create Consumer

Testing

curl -X GET \
  http://localhost:8000/ok \
  -H 'Authorization: Basic a29kb2s6bG9tcGF0' \
  -H 'Content-Type: application/json'

Authentication using HMAC

There are many API authentication methods; one of them is an HMAC digital signature. The purpose of the digital signature is to establish the integrity of the incoming request.

Kong provides documentation on how to use it: https://docs.konghq.com/hub/kong-inc/hmac-auth/

And here is the code for its implementation in Go, as a client request to Kong:

2019/10/20 22:21:07 url http://localhost:8000/ok
2019/10/20 22:21:07 username kodok
2019/10/20 22:21:07 secret 7hCgo4nzEIrmHHlzPcdGdaYEII5XCIGX
2019/10/20 22:21:07 signing date: Sun, 20 Oct 2019 15:21:07 GMT
POST /ok HTTP/1.1
2019/10/20 22:21:07 signature 0dlw8CsMix5snxulsVb5uKbPYAoHQVLdMoDRjgDSUtk=
2019/10/20 22:21:07 body testing
2019/10/20 22:21:07 authorization hmac username="kodok", algorithm="hmac-sha256", headers="date request-line", signature="0dlw8CsMix5snxulsVb5uKbPYAoHQVLdMoDRjgDSUtk="
2019/10/20 22:21:07 digestBodyHeader SHA-256=z4DNiu1ILV0VJ9fccvzv+E5jJlkoSER9LcCw6H38mpA=
2019/10/20 22:21:08 response {
"startedDateTime": "2019-10-20T15:21:08.320Z",
"clientIPAddress": "127.0.0.1",
"method": "POST",
"url": "http://localhost/request",
"httpVersion": "HTTP/1.1",
"cookies": {},
"headers": {
"host": "mockbin.org",
"connection": "close",
"x-forwarded-for": "127.0.0.1, 10.1.192.18, 54.209.226.208",
"x-forwarded-proto": "http",
"x-forwarded-host": "localhost",
"x-forwarded-port": "80",
"x-real-ip": "125.161.139.22",
"kong-cloud-request-id": "be34adef6838cddde2f86ae925016f63",
"kong-client-id": "mockbin",

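A Go client that builds the Date, Digest and Authorization headers seen in the logged run above, written as an added example and not the author's original code. The function names, the secret and the local `verify` stand-in for the gateway check are assumptions; unlike the logged run, it also lists `digest` in the signed headers so the body hash is covered by the signature.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// bodyDigest builds the Digest header value: "SHA-256=" + base64(sha256(body)).
func bodyDigest(body string) string {
	sum := sha256.Sum256([]byte(body))
	return "SHA-256=" + base64.StdEncoding.EncodeToString(sum[:])
}

// authHeader signs date, request line and digest (joined by "\n") with HMAC-SHA256.
func authHeader(req *http.Request, user, secret string) string {
	parts := []string{"date: " + req.Header.Get("Date"),
		req.Method + " " + req.URL.RequestURI() + " HTTP/1.1",
		"digest: " + req.Header.Get("Digest")}
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(strings.Join(parts, "\n")))
	sig := base64.StdEncoding.EncodeToString(mac.Sum(nil))
	return fmt.Sprintf(`hmac username="%s", algorithm="hmac-sha256", `+
		`headers="date request-line digest", signature="%s"`, user, sig)
}

// signRequest sets the Date, Digest and Authorization headers on req.
func signRequest(req *http.Request, user, secret, body string, now time.Time) {
	req.Header.Set("Date", now.UTC().Format(http.TimeFormat))
	req.Header.Set("Digest", bodyDigest(body))
	req.Header.Set("Authorization", authHeader(req, user, secret))
}

// verify is a local stand-in for the gateway check (hypothetical, not Kong's code).
func verify(req *http.Request, user, secret, body string) bool {
	want := authHeader(req, user, secret) // recomputed from the received headers
	return req.Header.Get("Digest") == bodyDigest(body) &&
		hmac.Equal([]byte(want), []byte(req.Header.Get("Authorization")))
}

func main() { // constructed secret; URL, username, body and time mirror the logged run
	req, _ := http.NewRequest("POST", "http://localhost:8000/ok", strings.NewReader("testing"))
	signRequest(req, "kodok", "constructed-secret", "testing", time.Date(2019, 10, 20, 15, 21, 7, 0, time.UTC))
	fmt.Println(req.Header.Get("Authorization"), verify(req, "kodok", "constructed-secret", "testing"))
}
```

Kong additionally rejects requests whose Date falls outside its allowed clock skew, which the stand-in does not model.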