auth_api

This pluggable module provides API key based authentication service. When this module is enabled, users may generate and use API keys to authenticate themselves when accessing various API application endpoints.

Currently, the API key may be provided via one of the following methods:

  • The Authorization HTTP header.

    You may provide your API key by adding Authorization HTTP header to your requests. Following forms are accepted:

    Authorization: abcd1234
Authorization: key abcd1234
Authorization: token abcd1234

  • The api_key or api_token parameter of the HTTP POST request.

    You may provide your API key as additional HTTP parameter api_key or api_token of your POST request to particular application endpoint. Using GET requests is forbidden due to the fact that request URLs are getting logged on various places and your keys could thus be easily compromised.

Provided endpoints

/auth_api/<user_id>/key-generate

Page enabling generation of new API key.

  • Authentication: login required

  • Authorization: admin

  • Methods: GET, POST

/auth_api/<user_id>/key-delete

Page enabling deletion of existing API key.

  • Authentication: login required

  • Authorization: admin

  • Methods: GET, POST