[x] Automatically generate an API key if the user does not provide one
[x] Check value of the API key when calling endpoint protected by it
Preview
The server secret key used as an API key can now be set in .env:
SERVER_SECRET_KEY=roccsecretkey
If no secret key is set, the server generates one automatically. When the server starts, the API key is displayed.
Now most write endpoints are protected either by the API key or Bearer token. In the future, the API key may be removed and replaced by Bearer token + roles.
Implements https://github.com/Sage-Bionetworks/rocc-schemas/pull/198
TODO
Preview
The server secret key used as an API key can now be set in
.env
:If no secret key is set, the server generates one automatically. When the server starts, the API key is displayed.
Now most write endpoints are protected either by the API key or Bearer token. In the future, the API key may be removed and replaced by Bearer token + roles.