As a CentOps Architect
I want the /admin endpoints of the CentOps API to require use of admin API keys
So that only admins can call the /admin endpoints
Acceptance Criteria
Should handle all /admin endpoints in the following way:
[ ] Should return 400 BadRequest if X-Api-Key header is missing
[ ] Should return 401 Unauthorized if X-Api-Key header contains non-admin key
Should handle the public GET /participants and /institutions endpoints in the following way:
[ ] Should return 401 Unauthorized if X-Api-Key is revoked
Should handle PUT /participants and /institutions in the following way:
[ ] Should return 401 Unauthorized if X-Api-Key is revoked
[ ] Should fetch the entity id associated with the API Key and store it in the request context for use by the data access layer.
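The acceptance criteria above, written out as a framework-independent authorization check. This is an added example, not code from the CentOps project: the key store, key values, entity ids and the function names `lookup` and `authorize` are hypothetical, and the handling of missing or unknown keys on the non-admin routes is an assumption, since the criteria do not cover it.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ApiKey:
    digest: str          # SHA-256 of the key; the raw key is never stored
    entity_id: str       # participant/institution the key belongs to
    is_admin: bool = False
    revoked: bool = False

def digest_of(raw_key):
    return hashlib.sha256(raw_key.encode()).hexdigest()

# Constructed sample key store (hypothetical keys and entity ids).
KEYS = [
    ApiKey(digest_of("admin-key"), "admin-1", is_admin=True),
    ApiKey(digest_of("participant-key"), "participant-42"),
    ApiKey(digest_of("old-key"), "participant-7", revoked=True),
]

def lookup(raw_key):
    wanted = digest_of(raw_key)
    for key in KEYS:
        if hmac.compare_digest(key.digest, wanted):  # constant-time compare
            return key
    return None

def authorize(method, path, headers, context):
    """Return the status code to reject with, or None to let the request through."""
    raw = {k.lower(): v for k, v in headers.items()}.get("x-api-key")
    key = lookup(raw) if raw else None
    usable = key is not None and not key.revoked
    segment = path.strip("/").split("/")[0]  # exact match, so /administrator is not /admin
    if segment == "admin":
        if not raw:
            return 400                        # header missing
        return None if usable and key.is_admin else 401
    if segment in ("participants", "institutions"):
        if raw and not usable:
            return 401                        # revoked (assumption: unknown keys too)
        if method == "PUT":
            if not usable:
                return 401                    # assumption: PUT without a key is rejected
            context["entity_id"] = key.entity_id  # for the data access layer
        return None                           # assumption: GET without a key is allowed
    return None                               # other routes are outside this issue
```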
I will close this issue without a merge into main. Work for this issue will be in PR #58 and merge conflicts and PR comments will be addressed in the new issue.