Realms for external Consumers in Konnect

You can authenticate consumers that are managed centrally in Konnect by configuring the identity_realms field in the Key Auth plugin. A Data Plane can only reach out to realms in the same region as they are deployed.

identity_realms are scoped to the Control Plane by default (scope: cp). The order in which you configure the identity_realms dictates the priority in which the Data Plane attempts to authenticate the provided API keys. See the realm priority reference for details.

For a full tutorial of this example, see Create a centrally-managed Consumer in Konnect.

Prerequisites

  • You have a realm configured with an associated Control Plane in Konnect. You can do this with the /realms endpoint.

Environment variables

  • REGION: Region for your Konnect instance.

  • REALM_ID: The ID of the realm you created in the prerequisites.

Set up the plugin

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!