ApiKey

@vendure/core Source

An ApiKey is mostly used for authenticating non-interactive clients such as scripts or other types of services. An ApiKey is associated with a User whose permissions will apply when the ApiKey is used for authorization.

Similar to how passwords are handled, only a hash of the API key is stored in the database meaning, generated API-Keys are not viewable after creation, Users are responsible for storing them.

Hence, if a User forgets their ApiKey, the old one must be deleted and a new one created. This is called "rotating" an ApiKey.

Signature

class ApiKey extends VendureEntity implements HasCustomFields, ChannelAware, Translatable, SoftDeletable {    constructor(input?: DeepPartial<ApiKey>)    @Column({ unique: true })    lookupId: string;    @Column({ unique: true })    apiKeyHash: string;    @Column({ type: Date, nullable: true })    lastUsedAt: Date | null;    @Column({ type: Date, nullable: true })    deletedAt: Date | null;    @ManyToOne(type => User)    owner: User;    @EntityId()    ownerId: ID;    @ManyToOne(type => User)    user: User;    @EntityId()    userId: ID;    @ManyToMany(() => Channel)    @JoinTable()    channels: Channel[];    @OneToMany(() => ApiKeyTranslation, t => t.base, { eager: true })    translations: Array<Translation<ApiKey>>;    @Column(type => CustomApiKeyFields)    customFields: CustomApiKeyFields;    name: LocaleString;}

Extends: VendureEntity
Implements: HasCustomFields, ChannelAware, Translatable, SoftDeletable

lookupId

propertystring

apiKeyHash

propertystring

lastUsedAt

propertyDate | null

deletedAt

propertyDate | null

owner

propertyUser

ownerId

propertyID

user

propertyUser

userId

propertyID

channels

propertyChannel[]

translations

propertyArray<Translation<ApiKey>>

customFields

propertyCustomApiKeyFields

name

propertyLocaleString