API key authentication.
Provides static (env-based) and database-backed API key authentication.
When an X-API-Key header (or configured header) is present, the key is
hashed and looked up against configured storage. A valid key produces a
SecurityContext; a missing key falls through to JWT authentication.
§Security
- Keys are never stored or compared in plaintext — only SHA-256 hashes.
- Comparison uses constant-time equality (subtle::ConstantTimeEq) to prevent timing side-channels.
- Revoked keys (with revoked_at set) are rejected.
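The lookup flow described above, sketched in Python with only the standard library as an added example; it is not this crate's code. Outcome, StoredKey and authenticate are hypothetical names, hmac.compare_digest stands in for subtle::ConstantTimeEq, and rejecting an unknown key instead of falling through to JWT is an assumption.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Mapping, Optional, Sequence, Tuple


class Outcome(Enum):  # hypothetical; not the crate's ApiKeyResult variants
    NOT_PRESENT = "no key header: fall through to JWT"
    AUTHENTICATED = "valid key"
    INVALID = "unknown key"
    REVOKED = "revoked key"


@dataclass(frozen=True)
class StoredKey:
    name: str
    sha256_hex: str                        # only the digest is kept, never the key
    revoked_at: Optional[datetime] = None  # set once the key has been revoked


def hash_key(raw: str) -> str:
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def authenticate(headers: Mapping[str, str], store: Sequence[StoredKey],
                 header_name: str = "X-API-Key") -> Tuple[Outcome, Optional[str]]:
    wanted = header_name.lower()
    presented = next((v for k, v in headers.items() if k.lower() == wanted), None)
    if presented is None:
        return Outcome.NOT_PRESENT, None
    digest = hash_key(presented)
    match = None
    for entry in store:
        # Constant-time digest comparison; the loop visits every entry and
        # does not stop at the first match.
        if hmac.compare_digest(digest, entry.sha256_hex):
            match = entry
    if match is None:
        return Outcome.INVALID, None  # assumption: rejected, no JWT fallback
    if match.revoked_at is not None:
        return Outcome.REVOKED, None
    return Outcome.AUTHENTICATED, match.name


# Constructed sample store; the raw keys appear here only to derive the digests.
STORE = [
    StoredKey("ci-bot", hash_key("constructed-key-1")),
    StoredKey("old-service", hash_key("constructed-key-2"),
              revoked_at=datetime(2024, 1, 1, tzinfo=timezone.utc)),
]
```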
Structs§
- ApiKeyAuthenticator - API key authenticator.
- ApiKeyConfig - API key configuration embedded in the compiled schema.
- StaticApiKeyConfig - A single static API key entry from configuration.
Enums§
- ApiKeyResult - API key authentication result.
Functions§
- api_key_authenticator_from_schema - Build an ApiKeyAuthenticator from the compiled schema’s security.api_keys JSON.