Hey guys, I need some help on an api-key concept I...
# support-questions-legacyn
nadilas
11/03/2022, 6:10 PMHey guys, I need some help on an api-key concept I'd like to build out.
r
rp_st
11/03/2022, 6:11 PMHey @nadilas
n
nadilas
11/03/2022, 6:11 PMI'll be allowing users to generate api keys/tokens for themselves and I already have supertoken in place. I'd like the verifySession to grab the api-key header and turn it into a user.
nadilas
11/03/2022, 6:12 PMMy first idea was metadata, but seems off and I haven't checked yet if I can override the verifySession to do a lookup for a user based on metadata
nadilas
11/03/2022, 6:12 PMAny ideas for me to check into?
r
rp_st
11/03/2022, 6:12 PMI’m not sure I understand what you mean by grab the api-key and turn it into a user
n
nadilas
11/03/2022, 6:13 PMif i had total control of the verifySession, I'd do:
Copy code
ts
const apiKey = req.headers['x-api-key']
const user = db.userByApiKey(apiKey)
const session = supertokens.newSession(user)nadilas
11/03/2022, 6:14 PMmaybe code explains it better than i can
r
rp_st
11/03/2022, 6:14 PMAh I see.
rp_st
11/03/2022, 6:16 PMYou don’t need to use verifySession at all in this case. Just do what you wrote above. The result of calling createNewSession is the session object
rp_st
11/03/2022, 6:16 PMWhich you get when you call verifySession
n
nadilas
11/03/2022, 6:16 PMOh 😅
nadilas
11/03/2022, 6:17 PMand can I somehow tranlaste
db.userByApiKeyr
rp_st
11/03/2022, 6:18 PMYou could store the api tokens in supertokens such that it’s the ID to the usermetadata recipe and the resulting json contains the user id of the user
rp_st
11/03/2022, 6:19 PMCause metadata recipe can take in any random id as well. And associate any json against it
rp_st
11/03/2022, 6:20 PMIt’s a strange way to use the metadata recipe, but it would work
n
nadilas
11/03/2022, 6:20 PM😆
nadilas
11/03/2022, 6:20 PMit basically would just save a separate table in an external database
nadilas
11/03/2022, 6:20 PMI do agree it's a misuse of the recipe itself, doesn't sound right
nadilas
11/03/2022, 6:20 PMAwesome, thanks 🙂
r
rp_st
11/03/2022, 6:21 PMWell, there is no downside in using the metadata recipe that way. As long as the api key length is leaser than 256 chars
n
nadilas
11/03/2022, 6:22 PMIt is for now. Do you have roundtrip metrics for a metadata.get call?
r
rp_st
11/03/2022, 6:23 PMNot really. But it’s a simple select query against a primary ID of a table
rp_st
11/03/2022, 6:23 PMSo I’d imagine it being quite fast anyway
rp_st
11/03/2022, 6:23 PMThe only issue is that it would query the core which would query the db.
rp_st
11/03/2022, 6:23 PMSo 2 network calls
rp_st
11/03/2022, 6:23 PMAs opposed to if you directly query your db
n
nadilas
11/03/2022, 6:23 PM👍 one last question, can I use the metadata recipe from an edge function?
nadilas
11/03/2022, 6:24 PMright.
r
rp_st
11/03/2022, 6:24 PMYou can. Do supertokens.init with the recipeList containing the metadata recipe init and then use the functions in there
rp_st
11/03/2022, 6:24 PMIf you don’t wanna use the SDKs in the edge function, just query the core directly
n
nadilas
11/03/2022, 6:25 PMwe are referring to the frontend init or the backend?
r
rp_st
11/03/2022, 6:25 PMBackend
n
nadilas
11/03/2022, 6:25 PMgot it
nadilas
11/03/2022, 6:25 PMperfect, I'll do some testing to see what fits better
nadilas
11/03/2022, 6:25 PMthanks a lot