How to Create API-key Enabled Server Actions?

Server Side Components General
1

I’m looking for ideas on how to create a server action to support API keys.

My initial thoughts are:

  1. create a role of ‘API’
  2. create a user account for the api (username=api_key_value, password=api_secret)
  3. on the server connection create a server variable called API_key and api_secret (based on this post - it looks like it will work)
  4. If an API key is provided, perform a login
  5. Use the standard security restrict
  6. do your stuff…

Any thoughts or suggestions or a better way to do this?

2

The latter part of this may help where I discuss that.

3

I appreciate your reply. You are seriously a rockstar!

That’s not quite what I want to do. I want to be able to make a REST call by passing data on the headers instead of two separate calls - one to authenticate and one for my API.

The article I referenced helped me figure it out but there wasn’t good Wappler documentation on how to get the HTTP header values.

Here’s what I ended up doing:

  1. Followed the steps in this article to set up a User table

  2. Created 2 new server variables
    image

  3. Added a condition to check for the presence of the header key and if it’s provided, login.
    image

  4. Then in postman provided the api-key and api-secret values

    image
    image1050×486 55.4 KB

  5. If nothing is provided and the user’s not logged in:

    image
    image1051×518 54.9 KB

2 Likes
4

Hi. Thanks for sharing this information. This method looks very much like the approach I need to take in order to send data securely to my Wappler backend db from a remote golang app. Did you find this api header auth approach works well?

1 Like