issuing API keys


04/06/2023, 5:09 PM
Hey just a quick technical question, is there any sort of built in functionality for the use for API keys in order to give auth for our API to other companies? Or do they need to use the standard login/verification routes?
You can use our microservice auth guide for this: Essentially, you want to use our JWT recipe to issue JWTs to the third party clients and verify those (As mentioned in the guide link above) in your APIs. If you are sharing the same API for frontend calls and third party client calls, then you can make your own custom verification middleware (See for example) which first does optional session verification via our getSession function, and if that doesn't return a session, then you can assume it's an API call from the third party client and attempt a regular JWT verification. If that fails too, send back a 401 to the frontend.