API Key

Introduction

API key mode is a simple way to authenticate instances with a static secret. This is useful for machine-to-machine (M2M) purposes.

Production Warning

Hard-coding API keys in the public client's source code is not advisable because it will be exposed to all users, unless you know what you are doing.

Enabling API Key Mode

Configuration

Edit the auth.yaml file. Add an apiMode mode to the definitions array.

An example for noAuth mode:
version: v1
kind: RelyAuth
definition:
  modes:
    - mode: apiKey
      tokenLocation:
        in: header
        name: x-hasura-admin-secret
      value:
        value: "randomsecret" # Literal value
        env: HASURA_GRAPHQL_ADMIN_SECRET # Environment variable
      sessionVariables:
        x-hasura-role:
          value: admin

`tokenLocation`

`in`

Location of the API key that needs to be authenticated. Accepted values are header, query, or cookie.

`name`

The case-insensitive name of the parameter in header, query, or cookie.

`scheme`

The authentication scheme of the API key. It is used to add the prefix of the credential, for example, Bearer <api-key>.

`value`

The value of the API key can be either a literal value or an environment variable.

`sessionVariables`

Static session variables that will be used if authenticated, such as x-hasura-role: admin. This field is a key-value map, with value can be either a literal value or an environment variable.

Introduction​

Enabling API Key Mode​

Configuration​

tokenLocation​

in​

name​

scheme​

value​

sessionVariables​