pub fn verify_api_key(
keys: &[String],
header: &HeaderName,
headers: &HeaderMap,
) -> Option<String>Expand description
Check a request against the set of accepted API keys. A key may be presented either as
Authorization: Bearer <key> or in the configured header (default X-API-Key). Returns
the principal (a stable, non-reversible id derived from the matched key) on success. The
comparison is constant-time and scans all keys so timing doesn’t reveal which key — if
any — matched.