Creating a RESTful API server with API key

Hello,

We have a project where the main component is a RESTful API server backend for various apps (Web, Android, iOS, desktop). The client/frontend apps will communicate with the API via an API key. The API key can be a JWT or an OAuth2 access_token with a configurable lifetime. How can we implement this with CUBA?

The API key can be generated by the ff:

  1. App or user registers with the API server.
  2. API server issues an API key.
  3. User can revoke or delete the API key then can issue a new one.

Thanks in advance!

Hi,

Unfortunately, lifetime of our access tokens cannot be configured. The only option to change it - use Persistent Token store: https://doc.cuba-platform.com/manual-6.6/rest_api_v2_persistent_token_store.html You can build conidtional expire mechanism in your project for this type of token store.

Since fresh 6.6.0 release you can implement custom authentication end-point for REST-API: https://doc.cuba-platform.com/manual-6.6/rest_api_v2_custom_auth.html You can implement API keys management right in your application and employ this feature to provide OAuth2 access tokens using your API keys.