OpenArchiver/docs/api/authentication.md
Wei S. 22b173cbe4 Feat: Implement API key authentication (#84)
* feat(auth): Implement API key authentication

This commit enables API access with an API key system. This change provides a better experience for programmatic access and third-party integrations.

Key changes include:
- **API Key Management:** Users can now generate, manage, and revoke persistent API keys through a new "API Keys" section in the settings UI.
- **Authentication Middleware:** API requests are now authenticated via an `X-API-KEY` header instead of the previous `Authorization: Bearer` token.
- **Backend Implementation:** Adds a new `api_keys` database table, along with corresponding services, controllers, and routes to manage the key lifecycle securely.
- **Rate Limiting:** The API rate limiter now uses the API key to identify and track requests.
- **Documentation:** The API authentication documentation has been updated to reflect the new method.

* Add configurable API rate limiting

Two new variables are added to `.env.example`:
- `RATE_LIMIT_WINDOW_MS`: The time window in milliseconds for which requests are checked (defaults to 15 minutes).
- `RATE_LIMIT_MAX_REQUESTS`: The maximum number of requests allowed from an IP within the window (defaults to 100).

The installation documentation has been updated to reflect these new configuration options.

---------

Co-authored-by: Wayne <5291640+ringoinca@users.noreply.github.com>
2025-09-04 15:07:53 +03:00

API Authentication

To access protected API endpoints, you need to include a user-generated API key in the X-API-KEY header of your requests.

1. Creating an API Key

You can create, manage, and view your API keys through the application's user interface.

  1. Navigate to Settings > API Keys in the dashboard.
  2. Click the "Generate API Key" button.
  3. Provide a descriptive name for your key and select an expiration period.
  4. The new API key will be displayed. Copy this key immediately and store it in a secure location. You will not be able to see it again.

2. Making Authenticated Requests

Once you have your API key, you must include it in the X-API-KEY header of all subsequent requests to protected API endpoints.

Example:

```http
GET /api/v1/dashboard/stats
X-API-KEY: a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2
```

If the API key is missing, expired, or invalid, the API will respond with a 401 Unauthorized status code.
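
A client-side sketch of the request above, added here as an example and not taken from the OpenArchiver code base: it reads the key from the environment, refuses to send it over plain HTTP except to loopback hosts, and turns a 401 into an error that never contains the key. The environment variable names, the host `archiver.example.com`, and the JSON response body are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


class ApiKeyRejected(Exception):
    """The API answered 401: the key is missing, expired, or invalid."""


def build_request(base_url, path, api_key):
    """Build a GET request that carries the key in the X-API-KEY header."""
    if not api_key:
        raise ValueError("no API key configured")
    parts = urlsplit(base_url)
    # A header sent over plain HTTP is readable on the wire, so allow
    # that only for loopback hosts used in local testing.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("refusing to send the API key without HTTPS")
    # urllib stores the name as "X-api-key"; header names are case-insensitive.
    headers = {"X-API-KEY": api_key, "Accept": "application/json"}
    return urllib.request.Request(base_url.rstrip("/") + path, headers=headers)


def get_json(base_url, path, api_key, timeout=10):
    """Send the request; a JSON response body is an assumption of this example."""
    req = build_request(base_url, path, api_key)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        err.close()
        if err.code == 401:
            # Keep the key out of the message; exceptions often end up in logs.
            raise ApiKeyRejected(f"401 from {path}: generate or rotate the key") from None
        raise


if __name__ == "__main__":
    # Hypothetical variable names and host; the key comes from the
    # environment rather than from source code.
    key = os.environ.get("OPENARCHIVER_API_KEY", "")
    base = os.environ.get("OPENARCHIVER_URL", "https://archiver.example.com")
    try:
        print(get_json(base, "/api/v1/dashboard/stats", key))
    except (ApiKeyRejected, ValueError, urllib.error.URLError) as exc:
        raise SystemExit(f"request not completed: {exc}")
```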