Hapi auth scheme that allows users to access a route based on whether they have a valid api key presented either as a query or as a header. Register hapi-api-key as a plugin to make the 'api-key' scheme available for use with server.auth.strategy(...).
npm install hapi-api-key
const hapiApiKeyPlugin = require('hapi-api-key');
await server.register({
plugin: hapiApiKeyPlugin,
options: {}
});
server.auth.strategy('api-key', 'api-key', {
apiKeys: {
1234: {
name: 'hueniverse'
}
}
});-
apiKeys (required)
List of allowed API keys
-
schemeName
The name hapi will use to refer to the schema. By default this is 'api-key' but you can make it whatever you want.
-
validateKey
hapi-api-key comes with a default function that approves or denies access based on whether the header or field matches the list of allowed API keys, but you can provide your own validateKey function instead. Alternatively you can specify validateKey as a string, in which case hapi-api-key will look for a server method with that name in server.methods.
-
queryKey
The query field that contains the API key, by default this is 'token' (i.e. ?token=1234567) but you can override this to be whatever you want.
-
headerKey
The header field that contains the API key, by default this is the x-api-key header but you can override this to be whatever you want.
-
strategy
By default hapi-api-key registers the api-key scheme with HAPI and then you manually register a strategy that uses that scheme with server.auth.strategy(). But you can have hapi-api-key register the strategy for you by passing a strategy object when you register the plugin:
{
strategy: {
name: 'myStrategyName',
mode: true,
apiKeys: {
'anAPIKey': {
name: 'authenticationName'
}
]
}
}