Moesif API Monetization and Analytics

The Moesif plugin helps you understand customer API usage and monetize your APIs with usage-based billing by logging API traffic to Moesif API Monetization and Analytics.

Moesif enables you to:

• Analyze customer API usage
• Get alerted of issues
• Monetize APIs with usage-based billing
• Enforce quotas and contract terms
• Guide users

This plugin supports automatic analysis of high-volume REST, GraphQL, XML/SOAP, and other APIs without adding latency.

This plugin logs API traffic to Moesif API Analytics and Monetization. It batches data and leverages an asynchronous design to ensure no latency is added to your API.

Moesif natively supports REST, GraphQL, Web3, SOAP, JSON-RPC, and more. Moesif is SOC 2 Type 2 compliant and has features like client-side encryption so data stays private to your organization.

You can install the Moesif API Monetization and Analytics plugin via LuaRocks. A Lua plugin is distributed in .rock format, which is a self-contained package that can be installed locally or from a remote server.

1. Install the Moesif API Monetization and Analytics plugin:

   luarocks install --server=http://luarocks.org/manifests/moesif kong-plugin-moesif
   

2. Update your loaded plugins list in Kong Gateway.

   In your kong.conf, append moesif to the plugins field. Make sure the field isn’t commented out.

   plugins = bundled,moesif
   

3. Restart Kong Gateway:

   kong restart
   

For all plugin versions, see the package on Luarocks.

If you are using the Kong Ingress Controller, the installation is slightly different. Review the custom plugin docs for the Kong Ingress Controller.

This plugin automatically identifies API users so you can associate a user’s API traffic to user data and other app analytics. The default algorithm covers most authorization designs and works as follows, by order of precedence:

1. If the config.user_id_header option is set, read the value from the specified HTTP header key in config.user_id_header.
2. Else, if Kong Gateway has a value defined for x-consumer-custom-id, x-consumer-username, or x-consumer-id (in that order), use that value.
3. Else, if an authorization token is present in config.authorization_header_name, parse the user ID from the token as follows:
   • If header contains Bearer, base64-decode the string and use the value defined by config.authorization_user_id_field (default value is sub).
   • If header contains Basic, base64-decode the string and use the username portion (before the : character).

For advanced configurations, you can define a custom header containing the user ID via config.user_id_header or override the options config.authorization_header_name and config.authorization_user_id_field.

You can associate API users to companies for tracking account-level usage similar to user-level usage. This can be done in one of the following ways, by order of precedence:

1. Define config.company_id_header. Moesif will use the value present in that header.
2. Else, use the Moesif update user API to set a company_id for a user. Moesif will associate the API calls automatically.
3. Else, if an authorization token is present in config.authorization_header_name, parse the company ID from the token as follows:
   • If header contains Bearer, base64-decode the string and use the value defined by config.authorization_company_id_field (default value is null).

See the Moesif documentation for more info on identifying customers.