Authentication in Kafka

Applies to ReadyAPI 3.10, last modified on October 07, 2021

By default, ReadyAPI supports authentication to Kafka brokers and schema registries using the SASL/PLAIN method with the SSL encryption. This is a common way of authentication in Confluent. To use other authentication methods, you need to specify authentication parameters manually.

SASL/PLAIN with SSL encryption

In ReadyAPI, this authentication method is implemented through the Basic authorization profile:

  1. Create a Basic authorization profile:

    Authentication to Kafka: Create authorization profile

    Click the image to enlarge it.

    Authentication to schema registry: Create authorization profile

    Click the image to enlarge it.

    Schema registry connection settings are only available when the JSON via Avro (Confluent) message format is selected.
  2. Enter credentials:

    • Username – Username or the API key.
    • Password – User password or the client secret.
    Authentication to Kafka: Enter API key and secret

    Click the image to enlarge it.

  3. Select the profile:

    Authentication to Kafka: Select profile
    Authentication to schema registry: Select profile

Other authentication methods

If your Kafka broker uses another authentication method, you should set the Authorization Profile to No Authorization and add custom authentication parameters to the Connection Settings. For example, to specify the SASL/PLAIN method without SSL encryption, you will need to specify the following parameters:

Name Value
sasl.mechanism PLAIN
security.protocol SASL_PLAINTEXT
sasl.jaas.config required username="Username or API key" password="Password or Client secret";
Authentication to Kafka: Custom parameters

Click the image to enlarge it.

To learn which parameters you need for other authentication methods, see the documentation of your Kafka provider.

Next Steps

See Also

AMQP Testing
Testing Internet of Things (IoT)

Highlight search results