Model API consumer authentication verifies a caller's identity for precise control over API access. It provides fine-grained management in multitenancy environments, isolates sensitive data, ensures call compliance, and prevents unauthorized access and resource abuse.
Policy
Security:
Consumer authentication blocks unauthorized users and systems from accessing sensitive resources by verifying their identity, for example, with an API key.
This authentication helps prevent malicious activities such as web scraping, API abuse, and DDoS attacks.
In a multitenancy system, consumer authentication lets you assign independent access permissions to different tenants, ensuring each tenant can only access their own data.
You can combine consumer authentication with a throttling policy to configure rules for each consumer based on Token consumption, keeping usage within the allocated quota.
Use cases
Multitenant systems: Assign unique API access permissions to different tenants on an open platform to ensure data isolation and security.
Open platforms: Provide controlled API access to third-party developers to ensure platform security and stability.
Ensure only authorized services can call specific AI interfaces within a microservices architecture.
Paid service management: Control access to premium features or large models based on a user's subscription level or permissions.
Procedure
After enabling consumer authentication, you can configure a throttling policy for each consumer based on Token consumption. The system automatically throttles requests that exceed the predefined usage limit.
Log on to the AI Gateway console and choose Instance. In the top menu bar, select a region, then click the target instance ID.
In the navigation pane on the left, choose Model API, then click the target API name to go to the API Details page.
Click the Consumer certification tab. To the right of Configuration Information, click Edit. In the API-level Consumer Authentication dialog box that appears, turn on the Status switch, select an Authentication Method, and click OK.
Important: After you enable consumer authentication, a consumer cannot access the API without authorization.
Parameter: Description
Status: Enables or disables consumer authentication. It is disabled by default.
Authentication Method: The method used for consumer authentication. The following methods are supported: API key and JWT.
API key: A client must include the key in its requests. The gateway then verifies the API key's validity and permissions.
JWT: JSON Web Token (JWT) securely transmits information between a client and server as a JSON object. This information is trustworthy because it is digitally signed using an HMAC algorithm or a public/private key pair with RSA or ECDSA. JWT authentication allows the gateway to verify identities and control authorized access.
Click Authorization, select a consumer, and then click Add.
If no consumer exists, click the Consumers drop-down list and select Create Consumer.
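The JWT method and the Authorization step described above, shown as an added example (not AI Gateway code and not part of the original page): a gateway-style check that pins HS256, verifies signature and expiry, then applies the API's authorization list. The consumer names, secrets, API name, the use of the `sub` claim as the consumer identifier, and the `issue` and `authenticate` helpers are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: hypothetical consumers, secrets and API name.
CONSUMER_SECRETS = {"tenant-a": b"constructed-secret-a", "tenant-b": b"constructed-secret-b"}
AUTHORIZED = {"chat-api": {"tenant-a"}}  # tenant-b exists but was never added under Authorization

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(consumer, secret, exp, alg="HS256"):
    """Client side: build a compact JWT carrying "sub" and "exp" claims."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps({"sub": consumer, "exp": exp}).encode())
    return f"{head}.{body}.{_b64e(_sign(secret, head + '.' + body))}"

def authenticate(token, api, now=None):
    """Gateway side: (401, None) unauthenticated, (403, consumer) unauthorized, (200, consumer) ok."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, sig_raw = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except ValueError:
        return 401, None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, None
    # Pin the algorithm; a header of "none" or anything else is refused outright.
    if header.get("alg") != "HS256":
        return 401, None
    consumer = claims.get("sub")
    secret = CONSUMER_SECRETS.get(consumer) if isinstance(consumer, str) else None
    if secret is None:
        return 401, None
    # Constant-time comparison against the signature recomputed with this consumer's secret.
    if not hmac.compare_digest(sig_raw, _sign(secret, head + "." + body)):
        return 401, None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return 401, None
    # Identity is proven; access still requires the consumer to be authorized on this API.
    if consumer not in AUTHORIZED.get(api, set()):
        return 403, consumer
    return 200, consumer
```

A valid token from a consumer that was never added under Authorization yields 403 rather than 401, which is the distinction the Important note draws between authentication and authorization.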