23
How do you implement API Keys? (programming.dev)
submitted 6 days ago by ExperimentalGuy@programming.dev to c/rust@programming.dev
14 comments fedilink hide all child comments

So I've had this idea for an API for a while but the problem I keep coming back to is authentication. I'm using rocket to actually code it. I looked through the rocket docs and it looks like the closest thing to API key authentication it has are cookies.

I then went and looked at some other APIs to see if I can copy their layouts and it looks like a lot of them use an API key and then a secret API key for authentication. Did some more googling and stackoverflow said that it's more secure to use a pair like that.

So that leaves me with the actual question: how do you actually implement this feature? Do you just generate API keys and throw them a database to be looked up later? Should they be written/read to a file to be used later(probably not a good option I'd guess).

Just for reference I'm using rocket, sqlx and postgres.

you are viewing a single comment's thread
view the rest of the comments
[-] brian@programming.dev 1 points 4 days ago

I mean, that sounds sorta like JWTs which are used commonly enough for this type of thing

[-] sugar_in_your_tea@sh.itjust.works 1 points 4 days ago

I guess. Our use case was a bit different in that it carried which features they had access to, not just that they had some access. You could probably do that with a JWT as well, but we just issued them an encrypted upgrade file that matched the serial of their device and granted all usersln that device access to the feature.

That was simple enough for us.

this post was submitted on 16 May 2025
23 points (96.0% liked)

Rust

6940 readers
19 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev