How do you implement API Keys?

So I’ve had this idea for an API for a while but the problem I keep coming back to is authentication. I’m using rocket to actually code it. I looked through the rocket docs and it looks like the closest thing to API key authentication it has are cookies.

I then went and looked at some other APIs to see if I can copy their layouts and it looks like a lot of them use an API key and then a secret API key for authentication. Did some more googling and stackoverflow said that it’s more secure to use a pair like that.

So that leaves me with the actual question: how do you actually implement this feature? Do you just generate API keys and throw them a database to be looked up later? Should they be written/read to a file to be used later(probably not a good option I’d guess).

Just for reference I’m using rocket, sqlx and postgres.

Chat

ExperimentalGuy@programming.devOP
link
fedilink
arrow-up
2·
23 hours ago
Thanks for the update, I wrote using rocket a few years ago so I figured everyone was still using that!

Rust@programming.dev

rust@programming.dev

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !rust@programming.dev

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

28 users / day
170 users / week
390 users / month
2.82K users / 6 months
11 local subscribers
6.92K subscribers
997 Posts
4.53K Comments
Modlog