mirror of
https://github.com/LogicLabs-OU/OpenArchiver.git
synced 2026-04-06 00:31:57 +02:00
d56259656d
This commit enables API access with an API key system. This change provides a better experience for programmatic access and third-party integrations. Key changes include: - **API Key Management:** Users can now generate, manage, and revoke persistent API keys through a new "API Keys" section in the settings UI. - **Authentication Middleware:** API requests are now authenticated via an `X-API-KEY` header instead of the previous `Authorization: Bearer` token. - **Backend Implementation:** Adds a new `api_keys` database table, along with corresponding services, controllers, and routes to manage the key lifecycle securely. - **Rate Limiting:** The API rate limiter now uses the API key to identify and track requests. - **Documentation:** The API authentication documentation has been updated to reflect the new method.
993 B
993 B
API Authentication
To access protected API endpoints, you need to include a user-generated API key in the X-API-KEY header of your requests.
1. Creating an API Key
You can create, manage, and view your API keys through the application's user interface.
- Navigate to Settings > API Keys in the dashboard.
- Click the "Generate API Key" button.
- Provide a descriptive name for your key and select an expiration period.
- The new API key will be displayed. Copy this key immediately and store it in a secure location. You will not be able to see it again.
2. Making Authenticated Requests
Once you have your API key, you must include it in the X-API-KEY header of all subsequent requests to protected API endpoints.
Example:
GET /api/v1/dashboard/stats
X-API-KEY: a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2
If the API key is missing, expired, or invalid, the API will respond with a 401 Unauthorized status code.