The following instructions summarize the detailed instructions found within the application when logged in.
The application instructions may provide additional files and parameters for your application and should be considered the master.
Kong API Loopback
The Kong API Loopback is a secure method of protecting your API Gateway.
Kong's routing architecture also enables it to act as a proxy for its own Admin API. This setup allows you to use Kong to implement detailed access control measures for the Admin API. To establish this configuration, you need to bootstrap a new Service. This involves setting the 'admin_listen' address as the 'url' for the Service.
For instance, suppose the Kong 'admin_listen' address is set to '127.0.0.1:8001', making it accessible only from localhost. Meanwhile, the port '8000' is handling proxy traffic and is likely exposed through 'myhost.dev:8000'.
We aim to expose the Admin API through the URL ':8000/admin-api' in a controlled manner. This can be achieved by setting up a Service and Route for it, accessible from '127.0.0.1'.
curl -X POST http://127.0.0.1:8001/services \
--data name=admin-api \
--data host=127.0.0.1 \
--data port=8001
curl -X POST http://127.0.0.1:8001/services/admin-api/routes \
--data paths[]=/admin-api
The Service name and the Route path must both be admin-api.
Now the Admin API can be reached from outside through the proxy port, instead of connecting to '127.0.0.1' directly.
curl myhost.dev:8000/admin-api/services
{
  "data": [
    {
      "id": "653b21bd-4d81-4573-ba00-177cc0108dec",
      "created_at": 1422386534,
      "updated_at": 1422386534,
      "name": "admin-api",
      "retries": 5,
      "protocol": "http",
      "host": "127.0.0.1",
      "port": 8001,
      "path": "/admin-api",
      "connect_timeout": 60000,
      "write_timeout": 60000,
      "read_timeout": 60000
    }
  ],
  "total": 1
}
In this example, the SERVICE URL of the new Service is: http://127.0.0.1:8001/services/admin-api
Key Authentication
In order to grant Apiable secure access to your Kong API Gateway please generate a new Key on the service you created above.
To do this, use the following call, substituting the consumer ID you created in the previous step.
curl -X POST http://localhost:8001/services/admin-api/plugins \
--data name=key-auth
The output of this request is a KEY.
Insert your service URL and Key into the Apiable form fields:
URL - SERVICE (e.g. http://kong.acme.com/services/admin-api)
Key (write-only) - KEY (e.g. nCztu5Jrz18YAWmkwOGJkQe9T8lB99l4)
Clicking on test will check if your connection is successful.
Note: Your KEY is write-only. If you want to test your gateway connection you will need to enter your KEY each time.
Whitelisting
For additional security, Apiable suggests restricting access to your admin-api service.
curl -X POST http://localhost:8001/services/admin-api/plugins \
--data "name=ip-restriction" \
--data "config.allow=127.0.0.0/24"
Upon request, Apiable will provide you with the IP address of your Portal.
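The following is an added example, not part of Apiable's or Kong's own tooling: a small audit of the plugin list on the admin-api Service that checks both hardening steps above (key-auth enabled, ip-restriction enabled with a narrow allow list). The two JSON samples are constructed to resemble a subset of the fields Kong returns from GET /services/admin-api/plugins; the 256-address threshold is an assumed policy value, not something Kong enforces.

```python
import ipaddress
import json

# Constructed sample (not from the page): the admin-api plugin list after both
# commands above have been applied.
HARDENED_PLUGINS = json.dumps({"data": [
    {"name": "key-auth", "enabled": True, "config": {"key_names": ["apikey"]}},
    {"name": "ip-restriction", "enabled": True,
     "config": {"allow": ["127.0.0.0/24"], "deny": None}},
]})

# Constructed weak variant: key-auth switched off and an allow list that admits
# every source address, which defeats the purpose of the ip-restriction plugin.
WEAK_PLUGINS = json.dumps({"data": [
    {"name": "key-auth", "enabled": False, "config": {"key_names": ["apikey"]}},
    {"name": "ip-restriction", "enabled": True,
     "config": {"allow": ["0.0.0.0/0"], "deny": None}},
]})


def audit_admin_api_plugins(plugins_json: str, max_allowed_hosts: int = 256) -> list:
    """Return a list of findings for the admin-api Service's plugin list.

    An empty list means the configuration matches this page's hardening:
    key-auth is enabled and ip-restriction allows only a narrow range.
    max_allowed_hosts (assumed policy value) bounds how wide one allow entry may be.
    """
    findings = []
    # Only enabled plugins count; a disabled plugin offers no protection.
    plugins = {p["name"]: p for p in json.loads(plugins_json)["data"]
               if p.get("enabled", True)}
    if "key-auth" not in plugins:
        findings.append("key-auth is not enabled: the Admin API is reachable without a key")
    ipr = plugins.get("ip-restriction")
    if ipr is None:
        findings.append("ip-restriction is not enabled: any source IP may reach the Admin API")
        return findings
    allow = ipr["config"].get("allow") or []
    if not allow:
        findings.append("ip-restriction has an empty allow list")
    for cidr in allow:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.num_addresses > max_allowed_hosts:
            findings.append(f"allow entry {cidr} covers {net.num_addresses} addresses; narrow it")
    return findings
```

Run it against the JSON returned by your own Kong instance to confirm both plugins are still in place after any later configuration change.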