Skip to main content

verify_api_key

Function verify_api_key 

Source
pub fn verify_api_key(
    expected: Option<&NonEmptyString>,
    provided: Option<&str>,
) -> bool
Expand description

Uses constant-time verification to check API key correspondence.

If the API keys correspond, returns true, otherwise false.

ยงCryptographic security

The function short-circuits if lengths of expected and provided are unequal. While this allows an attacker to extract the key length, it is order of magnitudes safer than using a simple string equality test, which would allow the attacker to gradually know the exact key over many requests.