0

I'm trying to find the best approach to generate and store a Client API Key for each user to use.

It seems a pretty popular thing to do. However, the resources that are clearly talking about this topic is surprisingly rare. Let alone the fact that each one is suggesting different approach.

Can you please help with a solid ground on how to approach this?

itisme_
  • 31
  • 1
  • Cryptotgraphically unique, non-guessable and base64 encoding are probably the criteria for an API key. Any of the UUID libraries (of which there are a ton on NPM) combined with a cryptographicallly unique sequence would suffice and I'm quite sure between the duplicate your question has been marked and other searches, you can find pre-built modules that will do this for you. – jfriend00 Jun 16 '20 at 03:51
  • For storing, I presume you would store it in a database in a way that you can look it up quickly for validation when an incoming request arrives with an APIKey attached to it. – jfriend00 Jun 16 '20 at 03:55
  • For example, here's one: [uuid-apikey](https://www.npmjs.com/package/uuid-apikey). – jfriend00 Jun 16 '20 at 03:57

0 Answers0