Provides simple key-based authentication on a per-user basis similar to basic_auth but without requiring usernames or passwords. This is ideal for sites that expose consumer-facing APIs via rest, jsonapi, or something similar.
Keys are stored in the user entity so there are no additional tables or entities.
Available configuration
- Optionally automatically generate a key for users when accounts are created
- Key length (defaults to 32 characters)
- Control the parameter name that contains the key (defaults to api-key)
- Detect the key via a header, query, or both
Setup and usage
- Remove View published content permission from role, you are using this module for.
- Install the module.
- Grant users the Use key authentication permission.
- Configure the basic settings at admin/config/services/key-auth.
- Users with adequate permissions can view/update/delete their key at user/{user}/key-auth.
- To use with core rest, enable the key_auth authentication provider for your endpoints of choice.
- To use with jsonapi, no additional configuration is required.
- If Header detection is enabled, pass in a header with the name chosen in the configuration, and a value of your user's key (ie, api-key: b9a9a0ee50ceab7191282b51c).
- If Query detection is enabled, include a query parameter in the endpoint URL with the name chosen in the configuration, and a value of your user's key (ie, ?api-key=b9a9a0ee50ceab7191282b51c).
Please Note:
To deny the anonymous user role access to a REST endpoint, one need to change permissions and deny the anonymous user the permission "View published content". Then one can enable this module and use Key authentication (as an alternative to Basic authentication) to get access to the endpoint.
Project information
- Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed. - Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Decoupled, Developer Tools, Integrations
- 2,623 sites report using this module
- Created by mstef on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
Drupal 10 compatibility