API Key management for SilverStripe
This module provides a way of creating an managing API keys within SilverStripe. This can be useful for building RESTful and other APIs., (*2)
composer require sminnee/silverstripe-apikey
SecurityAdminprovide interfaces for seeing API keys, and generating new ones. API keys are allocated member-by-member.
RequestMiddlewarewill look for an API key header (default:
X-API-Key) and if it is present, authenticate the user so that Member::currentUser() will return the corresponding member. This should be configured by non-GraphQL requests.
ApiKeyAuthenticatorshould be configured for GraphQL request and will return the authenticated member for GraphQL contexts to use, while not applying it to the CMS session.
For regular module usage, use the
RequestMiddleware class. The configuration to apply it is in this module's
but is commented out., (*3)
Copy the configuration and add it to your
mysite/_config/apikey.yml file., (*4)
This will protect all of your frontend routes., (*5)
The GraphQL authenticator will work separately from the
RequestMiddleware. If using this module for GraphQL, you will
probably want to disable the
RequestMiddleware. If you run both at the same time you will find that:, (*6)
This should be considered experimental for now, and used with care. It has not received a security audit., (*7)