Consumer authentication

Agent API consumer authentication verifies the identity of callers by using API key or JWT authentication and precisely controls API access permissions. It provides fine-grained control for multi-tenant environments, keeps sensitive data isolated and invocations compliant, and prevents unauthorized access and resource abuse.

Policy description

  • Security:

    • Prevents unauthorized access: Consumer authentication validates the identity of the requester, for example by checking an API key, to prevent unauthorized users or systems from accessing sensitive resources.

    • Prevents malicious attacks: The authentication mechanism helps prevent malicious behaviors such as web scraping, API abuse, and DDoS attacks.

  • Multi-tenant data isolation: In a multi-tenant environment, you can use consumer authentication to assign independent access permissions to different tenants. This ensures that each tenant can access only its own data.

  • Usage control: By combining the authentication mechanism with a throttling policy, you can configure a throttling rule for each consumer account based on token consumption to ensure that usage is within the quota.

Scenarios

  • Multi-tenant systems: In an open platform, you can assign independent API access permissions to different tenants to ensure data isolation and security.

  • Open platforms: You can provide third-party developers with controlled API access permissions to ensure the security and stability of the platform.

  • Internal system calls: In a microservices model, you can ensure that only authorized services can call specific AI interfaces.

  • Paid service management: You can control access to advanced features or large models based on a user's subscription level or permissions.

Procedure

Note

After consumer authentication is enabled, you can configure a throttling rule based on token usage for each consumer account. When the preset resource usage is exceeded, throttling is automatically triggered.

  1. Log on to the AI Gateway console, and select the region where your instance is located.

  2. Go to the target instance page. In the left-side navigation pane, choose Agent API.

  3. Select the Consumer certification tab. To the right of Configuration Information, click Edit and configure the following parameters:

    Important

    After consumer authentication is enabled, only authorized consumers can access the API.

    Status: Enable or disable consumer authentication. It is disabled by default.

    Authentication Method: The supported authentication methods are API Key and JWT.

    • API Key: When a client makes a request, it must include the API key. The gateway then validates the key and its associated permissions.

    • JSON Web Token (JWT): A standard used to securely transmit information between a client and a server as a JSON object. This information is verifiable and trustworthy because it is digitally signed using an algorithm such as HMAC, RSA, or ECDSA. The gateway can use a JWT to validate a caller's identity and control access.

  4. In the Consumers section, click Authorization and select a consumer. If no consumer exists, click Create Consumer to create one. Then, click Add.
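The two checks this procedure configures (validate the JWT, then confirm the caller is an authorized consumer) are shown below as an added Python example; it is not AI Gateway's own code. It assumes an HS256 shared key and that the `sub` claim carries the consumer name; the key, consumer names, and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issuer side: build a constructed HS256 token for the demo."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def authenticate(token: str, key: bytes, authorized: set, now=None):
    """Gateway side: return the consumer name, or None if the call is rejected."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm; the token must not choose it (rejects alg=none).
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        exp = claims.get("exp")
        # Require an expiry and reject tokens that are already expired.
        if not isinstance(exp, (int, float)) or exp <= now:
            return None
        consumer = claims.get("sub")  # assumed identity claim
        # A valid signature is not enough: the consumer must be authorized.
        return consumer if consumer in authorized else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON

if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed sample key
    allowed = {"tenant-a"}              # consumers added under Authorization
    for name in ("tenant-a", "tenant-b"):
        tok = sign_hs256({"sub": name, "exp": time.time() + 60}, key)
        print(name, "->", authenticate(tok, key, allowed))
```

A token for `tenant-b` carries a valid signature but is still rejected, which is the difference between authenticating a caller and authorizing a consumer.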