# How to Use the Kong Gateway Key Authentication Plugin

This tutorial will walk through a common use case for the Kong Gateway Key Authentication plugin: using API key authentication to protect a route to an API server endpoint. [Install Kong Gateway](https://konghq.com/install/?utm_source=youtube&utm_medium=social&utm_campaign=community)Install Kong Gateway.

1. Set up a Node.js Express API server with a single endpoint. ([0:30](https://www.youtube.com/watch?v=4qmu7jSODoY&t=30s)0:30)

2. Set up Kong Gateway to sit in front of an upstream service: our API server. ([2:30](https://www.youtube.com/watch?v=4qmu7jSODoY&t=150s)2:30)

3. Set up the Key Authentication plugin to protect the route by requiring a valid API key in the request header. If the user provides no key, they'll receive a 401 Unauthorized response. ([7:30](https://www.youtube.com/watch?v=4qmu7jSODoY&t=450s)7:30)

4. Use Kong to create a consumer (a valid user) and a credential (an API key). ([10:30](https://www.youtube.com/watch?v=4qmu7jSODoY&t=630s)10:30)

5. Demonstrate that a request through Kong—if it includes a valid API key—is forwarded to our API server. ([11:55](https://www.youtube.com/watch?v=4qmu7jSODoY&t=715s)11:55)

[Read the full tutorial blog post](https://konghq.com/blog/kong-gateway-key-authentication/?utm_source=youtube&utm_medium=social&utm_campaign=community)Read the full tutorial blog post.

The Kong Gateway Key Authentication Plugin provides a highly configurable API key management system that is simple to set up and quick to deploy. We’re going to see the ease and power of this plugin in our walkthrough.

If you have any additional questions, post them on [Kong Nation](https://discuss.konghq.com/)Kong Nation.

To stay in touch, join the [Kong Community](https://konghq.com/community/?utm_source=youtube&utm_medium=social&utm_campaign=community)Kong Community.