{"id":15705296,"url":"https://github.com/brahmlower/prefixed-api-key","last_synced_at":"2025-04-14T22:45:06.575Z","repository":{"id":58096011,"uuid":"529790949","full_name":"brahmlower/prefixed-api-key","owner":"brahmlower","description":"A Rust module for generating Prefixed API Keys","archived":false,"fork":false,"pushed_at":"2024-08-21T01:01:34.000Z","size":51,"stargazers_count":10,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-24T16:38:31.834Z","etag":null,"topics":["api-security","prefixed-api-key","rust"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/prefixed-api-key","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brahmlower.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-28T07:18:01.000Z","updated_at":"2024-08-21T00:52:06.000Z","dependencies_parsed_at":"2023-11-12T21:25:32.903Z","dependency_job_id":"75bc632d-3f7c-4369-b70c-f65268db9b32","html_url":"https://github.com/brahmlower/prefixed-api-key","commit_stats":{"total_commits":52,"total_committers":2,"mean_commits":26.0,"dds":"0.019230769230769273","last_synced_commit":"76058143b7a00135d9bdf9ef725299422f92e0e4"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brahmlower%2Fprefixed-api-key","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brahmlower%2Fprefixed-api-key/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brahmlower%2Fprefixed-api-key/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brahmlower%2Fprefixed-api-key/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brahmlower","download_url":"https://codeload.github.com/brahmlower/prefixed-api-key/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248975291,"owners_count":21192198,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-security","prefixed-api-key","rust"],"created_at":"2024-10-03T20:15:21.765Z","updated_at":"2025-04-14T22:45:06.539Z","avatar_url":"https://github.com/brahmlower.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# A Rust implementation of Prefixed API Key\n\nThis library is a Rust implementation of the [Prefixed API Key](https://github.com/seamapi/prefixed-api-key) typescript library. Though its interface differs slightly from the typescript version, this library provides the same set of features and functionality as the typescript version.\n\n## Prefixed API Key (Seam-style)\n\n\u003e Example key: `mycompany_BRTRKFsL_51FwqftsmMDHHbJAMEXXHCgG`\n\n\u003e [See discussion on Hacker News](https://news.ycombinator.com/item?id=31333933#31336542)\n\nSeam-style API Keys have many advantages:\n\n- Double clicking the api key selects the entire api key\n- The alphabet is standard across languages thanks [to the base58 RFC](https://datatracker.ietf.org/doc/html/draft-msporny-base58) and its usage in cryptocurrencies\n- They are shorter than hex and base32 api keys\n- They have prefixes [allowing secret scanning by github](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning)\n- They have a hashed component so the server doesn't need to store the api key (reducing attack surface)\n- They have unhashed short tokens which can be mutually used by the server and key bearer/customer to identify the api key\n- They default to roughly the same number of entropy bits as UUIDv4\n\n### The Format\n\nSeam-style api keys look like this:\n\n```ignore\nmycompany_BRTRKFsL_51FwqftsmMDHHbJAMEXXHCgG\n```\n\nLet's break down each component of the API key...\n\n```ignore\nmycompany ..._...  BRTRKFsL ..._...  51FwqftsmMDHHbJAMEXXHCgG\n^                  ^                 ^\nPrefix             Short Token       Long Token\n```\n\n- The Prefix is used to identify the company or service creating the API Key.\n  This is very helpful in secret scanning.\n- The Short Token is stored by both the server and the key bearer/customer, it\n  can be used to identify an API key in logs or displayed on a customer's\n  dashboard. A token can be blocklisted by its short token.\n- The Long Token is how we authenticate this key. The long token is never stored\n  on the server, but a hash of it is stored on the server. When we receive an\n  incoming request, we search our database for `short_token` and `hash(long_token)`.\n\n## Getting Started\n\nThe original Typescript implementation of Prefixed API Keys has a few technical decisions hardcoded,\nbut this crates aims to give full control over which hashing algorithm and random number\ngenerator are used. However this adds more complexity than may be desirable, so helpers are\navailable to make configuration relatively painless.\n\nBy installing the crate with the `sha2` feature flag, you can create an almost-entirely configured\n`PrefixedApiKeyController` instance using the `seam_defaults` function, which configures the\ncontroller the same way as Seam's Typescript implementation.\n\n```rust\nuse prefixed_api_key::PrefixedApiKeyController;\n\nfn main() {\n    // A controller using `rand::rng::OsRng` as the RNG source, and\n    // `sha2::Sha256` as the hashing algorithm.\n    let builder_result = PrefixedApiKeyController::configure()\n        .prefix(\"mycompany\".to_owned())\n        .seam_defaults()\n        .finalize();\n\n    assert!(builder_result.is_ok());\n\n    let controller = builder_result.unwrap();\n\n    // Generate a new PrefixedApiKey\n    let (pak, hash) = controller.try_generate_key_and_hash().unwrap();\n\n    // Assert that the returned key matches the hash\n    assert!(controller.check_hash(\u0026pak, \u0026hash));\n\n    // Stringify the key to be sent to the user. This creates a string from the\n    // PrefixedApiKey which follows the `\u003cprefix\u003e_\u003cshort token\u003e_\u003clong token\u003e` convention\n    let pak_string = pak.to_string();\n}\n```\n\nUsing the `seam_defaults()` function with the `sha2` feature flag is equivalent to doing\nthe following without using the `sha2` feature:\n\n```rust\nuse sha2::Sha256;\nuse prefixed_api_key::PrefixedApiKeyController;\n\nfn main() {\n    let controller = PrefixedApiKeyController::\u003c_, Sha256\u003e::configure()\n        .prefix(\"mycompany\".to_owned())\n        .rng_osrng()\n        .short_token_length(8)\n        .long_token_length(24)\n        .finalize();\n}\n```\n\n## Testing\n\nLibrary tests:\n\n```ignore\ncargo test --all-features\n```\n\nVerify minimum supported rust version (MSRV):\n\n```ignore\ncargo install cargo-msrv\ncargo msrv verify\n```\n\nTesting code hygiene requires `clippy` and `rustfmt` components:\n\n```ignore\ncargo fmt --all -- --check\ncargo clippy -- -D warnings\n```\n\nThe library and hygiene tests will be run for all examples too\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrahmlower%2Fprefixed-api-key","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrahmlower%2Fprefixed-api-key","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrahmlower%2Fprefixed-api-key/lists"}