An open API service indexing awesome lists of open source software.

https://github.com/skobow/apikey-authentication-spring-boot-starter

Spring boot starter to enable easy to use and configurable API key authentication for your Spring Boot project.
https://github.com/skobow/apikey-authentication-spring-boot-starter

api-key authentication spring-boot spring-boot-starter

Last synced: 6 months ago
JSON representation

Spring boot starter to enable easy to use and configurable API key authentication for your Spring Boot project.

Awesome Lists containing this project

README

          

# API Key Authentication Spring Boot Starter

[![Maven Central](https://maven-badges.herokuapp.com/maven-central/net.skobow/apikey-authentication-spring-boot-starter/badge.svg?style=flat)](https://maven-badges.herokuapp.com/maven-central/net.skobow/apikey-authentication-spring-boot-starter)
[![javadoc](https://javadoc.io/badge2/net.skobow/apikey-authentication-spring-boot-starter/javadoc.svg)](https://javadoc.io/doc/net.skobow/apikey-authentication-spring-boot-starter)

**This repository is not maintained anymore!**

## Description

This Spring Boot starter provides easy to use and though configurable API Key authentication for your Spring Boot project.

## Installation

To install simple add the dependency to you project build system, e.g. Gradle or Maven.

**Gradle**

implementation 'net.skobow:apikey-authentication-spring-boot-starter:0.6.1'

**Maven**


net.skobow
apikey-authentication-spring-boot-starter
0.6.1


## Usage

Just add the `@EnableApiKeyAuthentication` annotation to you Spring Boot Application class and provide `web.authentication.apikey` property to enable static API key authentication. This will add an Spring `HandlerInterceptor` that will check the `X-Api-Key` request header for the configured static API key.
If no or not the correct key is provided the request will fail and send 401 as return code.

If no value for an API key is provided a random key is generated and logged to command line. This configuration is only suitable for testing scenarios as it does not provide security as the API key may appear in logs and is therefore considered as insecure!

## Customization

### Adding custom includes or excludes

If you want to configure paths to be included or excluded you can provide lists with patterns in you Spring configuration.

@Bean("apiKeyAuthenticationIncludePatterns")
public List apiKeyAuthenticationIncludePatterns() {
...
}

or

@Bean("apiKeyAuthenticationExcludePatterns")
public List apiKeyAuthenticationExcludePatterns) {
...
}

Normally you may want to exclude at least your `/error` endpoint otherwise no errors will be returned to the user.

### Using custom HTTP header fields

If you want to use a different HTTP header field you can simply provide your own implementation of the `RequestApiKeyExtractor` interface as a Spring bean.

### Customizing API key verification

By default static API key verification for all requests is used. If your needs demand for a different verification schema you can provide your own implementation of the `ApiKeyVerificationHandler` interface as a Spring bean. This instance will be called during the request and lets you do your specific API key verification.