{"id":38045345,"url":"https://github.com/skobow/apikey-authentication-spring-boot-starter","last_synced_at":"2026-01-16T19:57:45.105Z","repository":{"id":49268321,"uuid":"169838701","full_name":"skobow/apikey-authentication-spring-boot-starter","owner":"skobow","description":"Spring boot starter to enable easy to use and configurable API key authentication for your Spring Boot project.","archived":false,"fork":false,"pushed_at":"2024-08-03T10:28:31.000Z","size":35,"stargazers_count":13,"open_issues_count":0,"forks_count":11,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-16T03:27:27.037Z","etag":null,"topics":["api-key","authentication","spring-boot","spring-boot-starter"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skobow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-09T06:25:14.000Z","updated_at":"2024-08-03T10:28:34.000Z","dependencies_parsed_at":"2024-11-16T03:26:45.526Z","dependency_job_id":"3dbd08bc-1af9-4e1e-9c10-510597767036","html_url":"https://github.com/skobow/apikey-authentication-spring-boot-starter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/skobow/apikey-authentication-spring-boot-starter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skobow%2Fapikey-authentication-spring-boot-starter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skobow%2Fapikey-authentication-spring-boot-starter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skobow%2Fapikey-authentication-spring-boot-starter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skobow%2Fapikey-authentication-spring-boot-starter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skobow","download_url":"https://codeload.github.com/skobow/apikey-authentication-spring-boot-starter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skobow%2Fapikey-authentication-spring-boot-starter/sbom","scorecard":{"id":829869,"data":{"date":"2025-08-11","repo":{"name":"github.com/skobow/apikey-authentication-spring-boot-starter","commit":"688d0b1988426e9ca9e474e2fb21465745250760"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T17:28:34.499Z","repository_id":49268321,"created_at":"2025-08-23T17:28:34.499Z","updated_at":"2025-08-23T17:28:34.499Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28482160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-key","authentication","spring-boot","spring-boot-starter"],"created_at":"2026-01-16T19:57:44.344Z","updated_at":"2026-01-16T19:57:45.097Z","avatar_url":"https://github.com/skobow.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# API Key Authentication Spring Boot Starter\n\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/net.skobow/apikey-authentication-spring-boot-starter/badge.svg?style=flat)](https://maven-badges.herokuapp.com/maven-central/net.skobow/apikey-authentication-spring-boot-starter)\n[![javadoc](https://javadoc.io/badge2/net.skobow/apikey-authentication-spring-boot-starter/javadoc.svg)](https://javadoc.io/doc/net.skobow/apikey-authentication-spring-boot-starter)\n\n**This repository is not maintained anymore!**\n\n## Description\n\nThis Spring Boot starter provides easy to use and though configurable API Key authentication for your Spring Boot project. \n\n## Installation\n\nTo install simple add the dependency to you project build system, e.g. Gradle or Maven.\n\n**Gradle**\n\n    implementation 'net.skobow:apikey-authentication-spring-boot-starter:0.6.1'\n    \n **Maven**\n \n    \u003cdependency\u003e\n      \u003cgroupId\u003enet.skobow\u003c/groupId\u003e\n      \u003cartifactId\u003eapikey-authentication-spring-boot-starter\u003c/artifactId\u003e\n      \u003cversion\u003e0.6.1\u003c/version\u003e\n    \u003c/dependency\u003e\n    \n ## Usage\n \n Just add the `@EnableApiKeyAuthentication` annotation to you Spring Boot Application class and provide `web.authentication.apikey` property to enable static API key authentication. This will add an Spring `HandlerInterceptor` that will check the `X-Api-Key` request header for the configured static API key.\n If no or not the correct key is provided the request will fail and send 401 as return code.\n \n If no value for an API key is provided a random key is generated and logged to command line. This configuration is only suitable for testing scenarios as it does not provide security as the API key may appear in logs and is therefore considered as insecure!\n \n ## Customization\n \n ### Adding custom includes or excludes\n \n If you want to configure paths to be included or excluded you can provide lists with patterns in you Spring configuration.\n \n    @Bean(\"apiKeyAuthenticationIncludePatterns\") \n    public List\u003cString\u003e apiKeyAuthenticationIncludePatterns() {\n        ...\n    }\n    \n or \n \n    @Bean(\"apiKeyAuthenticationExcludePatterns\")\n    public List\u003cString\u003e apiKeyAuthenticationExcludePatterns) {\n        ...\n    }\n    \n Normally you may want to exclude at least your `/error` endpoint otherwise no errors will be returned to the user.\n \n ### Using custom HTTP header fields\n \n If you want to use a different HTTP header field you can simply provide your own implementation of the `RequestApiKeyExtractor` interface as a Spring bean.\n \n ### Customizing API key verification\n \n By default static API key verification for all requests is used. If your needs demand for a different verification schema you can provide your own implementation of the `ApiKeyVerificationHandler` interface as a Spring bean. This instance will be called during the request and lets you do your specific API key verification.\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskobow%2Fapikey-authentication-spring-boot-starter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskobow%2Fapikey-authentication-spring-boot-starter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskobow%2Fapikey-authentication-spring-boot-starter/lists"}