Creating a RESTful API server with API key


We have a project where the main component is a RESTful API server backend for various apps (Web, Android, iOS, desktop). The client/frontend apps will communicate with the API via an API key. The API key can be a JWT or an OAuth2 access_token with a configurable lifetime. How can we implement this with CUBA?

The API key can be generated by the ff:

  1. App or user registers with the API server.
  2. API server issues an API key.
  3. User can revoke or delete the API key then can issue a new one.

Thanks in advance!


Unfortunately, lifetime of our access tokens cannot be configured. The only option to change it - use Persistent Token store: You can build conidtional expire mechanism in your project for this type of token store.

Since fresh 6.6.0 release you can implement custom authentication end-point for REST-API: You can implement API keys management right in your application and employ this feature to provide OAuth2 access tokens using your API keys.