Skip to main content

ApiKey

pylon_auth::api_key

Struct ApiKey 

Source 
pub struct ApiKey {
    pub id: String,
    pub user_id: String,
    pub name: String,
    pub prefix: String,
    pub secret_hash: String,
    pub scopes: Option<String>,
    pub expires_at: Option<u64>,
    pub last_used_at: Option<u64>,
    pub created_at: u64,
}
Expand description

One stored API key. The secret_hash is what’s persisted; the plaintext secret is returned to the caller exactly once at create time (see ApiKeyStore::create).

Fields§

§id: String

Stable identifier — what the dashboard / management UI lists. Format: key_<24-char-base64url>. Distinct from prefix so a user can revoke by id without seeing the secret prefix.

§user_id: String

User who owns this key. Auth context resolves to this user_id when the key authenticates.

§name: String

Friendly name set by the owner. Free-form; UI-only.

§prefix: String

First 16 chars of the FULL plaintext token (pk.key_<8 id chars>). Safe to display in management UIs since this prefix encodes only the key id, not any of the secret material — the secret starts AFTER the second . separator. Lets the user distinguish keys by sight without ever exposing the secret.

§secret_hash: String

HMAC-SHA256 hash of the secret using a server-side pepper (PYLON_API_KEY_PEPPER, or a fixed dev pepper when unset). Verified at request time via constant-time compare.

Why HMAC-SHA256, not Argon2? Argon2 exists to slow brute force of LOW-entropy passwords. API key secrets are 32 random bytes (256 bits) — brute force is computationally infeasible regardless of hash speed. Using Argon2 here would add ~50ms of latency per request for zero security benefit. SHA-256 HMAC at ~1µs gives the same effective security plus 50000× throughput.

§scopes: Option<String>

Comma-separated scope strings. Application-defined; pylon stores opaquely.

§expires_at: Option<u64>

Unix timestamp at which this key stops being valid. None for no-expiry keys.

§last_used_at: Option<u64>

Unix timestamp of the most recent successful auth — refreshed on every verify. None until the first use.

§created_at: u64

Trait Implementations§

Source§

impl Clone for ApiKey

Source§

fn clone(&self) -> ApiKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ApiKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl PartialEq for ApiKey

Source§

fn eq(&self, other: &ApiKey) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for ApiKey

Source§

impl StructuralPartialEq for ApiKey

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more