How to configure Server API keys to separate access to data

Hi, do you have an example of how to configure API keys?
Currently I made a project that gets my data.

I have a set of records, let's call them A, B and C.
Now I want to give people access to those records in combination with their API key.
So key-1 gets access to A, Key-2 gets access to B and Key-3 gets access to C.

I have no idea how to configure this. So hope you can help.

Now I have a simple filter that kinda works, but I prefer to do it with an API key.
This is my current URL: https://somedomain.nl/api/data/{ID} (EasyMorph is behind a proxy).
Where ID is the API key and in the EasyMorph project there is a filter on it.

Configure authentication by API keys

Go to the API settings page:

In the "Authentication" tab, configure authentication by API key (see below). You can choose between expecting an API key in a request header, or in a URL parameter.

Create API keys after the sets of records and give them meaningful names (identities) such as A, B, and C to correspond to your record sets.

Obtain the API key name via a workflow parameter

Create a parameter in the workflow and name it, for instance, "Key name".

In the endpoint settings, press "Assign parameters" (see below):

In the parameter assignment dialog, assign "Request identity" to the parameter (see below):

Since the API authentication mode is configured to use API keys, "Request identity" is the API key name (not value!) configured above (i.e. "A", "B", or "C"). Now, API clients must specify an API key (values, not names) in their requests, and corresponding key names (request identities) will be assigned to workflow parameters.

Once you have the key name in the workflow, you can do filtering as necessary using the regular EasyMorph actions.

Hi, works perfect.
Was only hoping that I could configure all the keys in a database table (so screenshot 2 in a database table). But this works also. Thank you.

The API server is designed so that the built-in authentication is optional. You can always build your own authentication mechanism.

For instance, if you want to keep and manage API keys in a database:

  1. Switch API server to not using any built-in authentication
  2. Make a database table with two columns: "Key Name" and "API Key"
  3. Instruct your API clients to provide an API key via request header (or URL parameter)
  4. In the endpoint settings, assign the request header (or URL parameter) to a workflow parameter
  5. Query the database table to look up the key name by the parameter
  6. Filter your main dataset using the key name or return an error response if the API key is not found in the database.

PS. The built-in API authentication mechanism is built so that API keys are secret and are not exposed. It can be hard to achieve using generic means such as the one described above.
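The database-backed lookup from the six steps above, sketched in Python as an added example (not EasyMorph's own code and not part of the original post). The header name `X-API-Key`, the SQLite table, and the sample keys and records are constructed assumptions; storing a SHA-256 digest instead of the raw key is a variation added here so that the table itself does not expose key values.

```python
import hashlib
import sqlite3

# Constructed sample data: record sets A, B and C as named in the thread.
RECORDS = [
    {"set": "A", "value": 1}, {"set": "A", "value": 2},
    {"set": "B", "value": 3}, {"set": "C", "value": 4},
]
# Constructed sample keys (key name -> key value handed to the client).
KEYS = {"A": "key-1-constructed", "B": "key-2-constructed", "C": "key-3-constructed"}

def digest(api_key):
    # Assumption: keys are long random strings, so an unsalted SHA-256 is enough.
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()

def make_key_table(keys):
    """Step 2: a table with "Key Name" and "API Key" columns (digest stored)."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE api_keys ("Key Name" TEXT NOT NULL, '
               '"API Key" TEXT PRIMARY KEY)')
    db.executemany("INSERT INTO api_keys VALUES (?, ?)",
                   [(name, digest(value)) for name, value in keys.items()])
    return db

def handle_request(db, headers):
    """Steps 4-6: read the header, look up the key name, filter or reject."""
    presented = headers.get("X-API-Key", "")  # hypothetical header name
    if not presented:
        return 401, {"error": "invalid API key"}
    # Bound parameter: the client-supplied value never becomes part of the SQL text.
    row = db.execute('SELECT "Key Name" FROM api_keys WHERE "API Key" = ?',
                     (digest(presented),)).fetchone()
    if row is None:
        # Same response as for a missing key, so the reply reveals nothing extra.
        return 401, {"error": "invalid API key"}
    key_name = row[0]
    return 200, [r for r in RECORDS if r["set"] == key_name]

DB = make_key_table(KEYS)

if __name__ == "__main__":
    print(handle_request(DB, {"X-API-Key": "key-2-constructed"}))
    print(handle_request(DB, {"X-API-Key": "wrong"}))
```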

Thank you, maybe I will try that. It works now, so currently I'm happy :-).
