
Module api_keys

Generic API key generation and verification (argon2id-hashed). See api_keys::generate_key / api_keys::verify_key.

For the tenancy-integrated version (with DB-backed rustango_api_keys table + ApiKeyBackend), see [crate::tenancy::auth_backends]. This module is the lower-level standalone helper for apps that want to manage API keys themselves.

§Format

API keys are {prefix}.{secret}:

  • prefix — 8-char hex, public. Stored alongside the hash so you can look up the key in O(1) without a full table scan.
  • secret — 32-char hex, kept secret. Hashed with argon2id; the plaintext is only available at creation time.

§Quick start

use rustango::api_keys::{generate_key, verify_key, hash_secret};

// Issuing a new key:
let (full_token, prefix, hash) = generate_key()?;
// Send `full_token` to the user once. Store `prefix` + `hash` in your DB.

// Verifying an inbound key:
let inbound = "abc12345.f9a7d2..."; // from request header
let parts = inbound.split_once('.').ok_or("bad format")?;
// Look up the row by parts.0 (prefix) to load `stored_hash`, then:
if verify_key(parts.1, &stored_hash)? {
    // authenticated
}
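
The lookup flow above, as an added example that is not rustango's own code: it strictly validates the `{prefix}.{secret}` shape before any lookup or hashing. `parse_token`, `authenticate` and the `verify` closure (a stand-in for `verify_key`) are hypothetical names, and accepting any ASCII hex digit is an assumption, since the page does not say what `split_token` checks.

```rust
use std::collections::HashMap;

// Lengths from the format described above: 8-char hex prefix, 32-char hex secret.
const PREFIX_LEN: usize = 8;
const SECRET_LEN: usize = 32;

/// Strictly parse `{prefix}.{secret}`; None for anything off-format.
/// Hypothetical helper, independent of rustango's `split_token`.
fn parse_token(token: &str) -> Option<(&str, &str)> {
    let (prefix, secret) = token.split_once('.')?;
    let is_hex = |s: &str, n: usize| s.len() == n && s.bytes().all(|b| b.is_ascii_hexdigit());
    if is_hex(prefix, PREFIX_LEN) && is_hex(secret, SECRET_LEN) {
        Some((prefix, secret))
    } else {
        None
    }
}

/// Authenticate against rows keyed by prefix (prefix -> stored hash).
/// `verify` stands in for `verify_key(secret, stored_hash)`; it runs only for
/// well-formed tokens with a known prefix, so junk input costs no argon2id work.
fn authenticate<F>(token: &str, rows: &HashMap<String, String>, verify: F) -> bool
where
    F: Fn(&str, &str) -> bool,
{
    match parse_token(token) {
        Some((prefix, secret)) => match rows.get(prefix) {
            Some(stored_hash) => verify(secret, stored_hash),
            None => false, // unknown prefix: same result as a wrong secret
        },
        None => false,
    }
}

fn main() {
    // Constructed sample row; the stored value is a placeholder, not a real PHC string.
    let mut rows = HashMap::new();
    rows.insert("abc12345".to_string(), "<stored-phc-hash>".to_string());
    // Demo-only verifier; real code would call verify_key here.
    let verify = |secret: &str, hash: &str| {
        hash == "<stored-phc-hash>" && secret == "0123456789abcdef0123456789abcdef"
    };
    for t in ["abc12345.0123456789abcdef0123456789abcdef", "abc12345.f9a7d2", "nodot"] {
        println!("{t:?} -> {}", authenticate(t, &rows, &verify));
    }
}
```
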

Enums§

ApiKeyError

Functions§

generate_key
Generate a fresh API key. Returns (full_token, prefix, hash).
hash_secret
Hash a secret with argon2id. Returns the standard PHC string format ($argon2id$v=19$...) suitable for storing in a varchar column.
split_token
Split a {prefix}.{secret} token. Returns None for malformed input.
verify_key
Verify a plaintext secret against a stored argon2 hash.