Expand description
API key authentication for machine-to-machine access.
Provides key generation (prefixed, hashed), a provider trait for storage-agnostic verification, and middleware for route protection.
§Key Format
Keys follow the fe_{env}_{random} pattern (similar to Stripe):
fe_live_prefix for production keysfe_test_prefix for test/development keys- 43 random base62 characters for the secret portion
§Example
ⓘ
use ferro_rs::{ApiKeyMiddleware, generate_api_key};
// Generate a new key (show raw_key once, store prefix + hash)
let key = generate_api_key("live");
println!("API Key: {}", key.raw_key); // show once
// Store key.prefix and key.hashed_key in database
// Protect routes with middleware
group!("/api/v1")
.middleware(ApiKeyMiddleware::new())
.routes([...]);
// Require specific scopes
group!("/api/v1/admin")
.middleware(ApiKeyMiddleware::scopes(&["admin"]))
.routes([...]);Structs§
- ApiKey
Info - Information about an authenticated API key, available in request extensions.
- ApiKey
Middleware - Middleware that authenticates requests via API key in the Authorization header.
- Generated
ApiKey - Result of generating a new API key.
Traits§
- ApiKey
Provider - Storage-agnostic API key verification.
Functions§
- generate_
api_ key - Generate a new API key for the given environment.
- hash_
api_ key - Compute the SHA-256 hex digest of a raw API key.
- verify_
api_ key_ hash - Constant-time comparison of a raw key against a stored hash.