hapi-auth-api-key
Advanced tools
API Key authentication strategy for Hapi.js
npm install hapi-auth-api-key
import Hapi from '@hapi/hapi'
import HapiAuthApiKey from 'hapi-auth-api-key'
const VALID_API_KEY = process.env.API_KEY || 'your-secret-api-key'
const init = async () => {
const server = Hapi.server({
port: 3000,
host: 'localhost'
})
await server.register({
plugin: HapiAuthApiKey, options: { apiKey: VALID_API_KEY }
})
server.auth.strategy('api-key', 'api-key')
server.route({
method: 'GET',
path: '/',
options: {
auth: 'api-key'
},
handler: (request, h) => {
console.log('Authenticated request with API key:', request.auth.credentials.apiKey)
return 'Hello World!'
}
})
await server.start()
console.log('Server running on %s', server.info.uri)
}
process.on('unhandledRejection', (err) => {
console.log(err)
process.exit(1)
})
init()
By default, the plugin expects clients to send the API key in the x-api-key header with each request:
curl -H "x-api-key: your-secret-api-key" http://localhost:3000/
Alternatively, you can configure the plugin to accept the API key as a query parameter by setting the queryParamName option.
The plugin accepts the following options during registration:
apiKey (required)The API key(s) that are valid for authentication. Can be:
String: A single API key
{ apiKey: 'your-secret-api-key' }
Array of strings: Multiple valid API keys
{ apiKey: ['key-1', 'key-2', 'key-3'] }
Function: A function that receives the request and returns a string or array of strings
{ apiKey: (request) => request.headers['x-tenant-id'] === 'tenant-a' ? 'key-a' : 'key-b' }
Promise: A promise that resolves to a string or array of strings
{ apiKey: fetchApiKeysFromDatabase() }
headerName (optional)The name of the header to check for the API key. Defaults to x-api-key.
{ headerName: 'authorization' }
queryParamName (optional)The name of the query parameter to check for the API key. Defaults to api-key.
{ queryParamName: 'key' }
Note: At least one of headerName or queryParamName must be specified (or left as default).
FAQs
API Key authentication strategy for Hapi.js
We found that hapi-auth-api-key demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.