API key support? #449
Comments
|
Hey @hansemannn , If I understand correctly, you want to be able to attach your own api key that was generated in the strapi admin area? |
|
In general, I want to access APIs that require an API key, e.g. protected posts. While this is possible with their REST API, this wrapper is missing it so far IIRC. Thanks for checking this! 🏅 |
|
If you don't mind me asking, what is the current implementation that you have fro this type of functionality? I am thinking a composable can be added for this type of thing BUT it sounds verify niche |
|
The current implementation is a Rest API call with an authentication header. It's necessary for any kind if non-public data that may leak if not properly secured. But as we are quite happy with that approach, it's okay not to add it here. |
|
+1 to the OP I fee like this is a must have feature as quite a few people are probably using Strapi as a CMS for a simple content site that doesn't require users to login, but they still want to protect their API using Strapi's API token feature. |
|
As far as i understand it the plugin does not support this because it would expose the token on the frontend since this is where it executes. But there still is a valid use case for making use of an api token, and that is for a catch-all read-access token (which could be exposed on the FE without issue). It saves you the hassle of having to select the find/findAll options each time you create a new content-type. As it stands now, if I want to use such a token, i have to make use of the REST API directly or set the respective r/o rights on the endpoints directly. |
Hi there!
Maybe I am overseeing it in the docs, but does this module support authenticating a request? For REST requests, API keys generated in Strapi admin can be set via the
Authorization: Bearer XXXheader, but I cannot find a util for that, yet.Thanks a lot!
The text was updated successfully, but these errors were encountered: