johnolafenwa / DeepStack

The World's Leading Cross Platform AI Engine for Edge Devices
Apache License 2.0
707 stars 113 forks source link

Move api key to http header #104

Open svrooij opened 3 years ago

svrooij commented 3 years ago

I just found that deepstack supports some security by adding the key to the request body. In almost all other apps the api key has to be send as an http header.

would it be possible to also support sending it in the http headers? That makes it easier to integrate with other security measures (like reverse proxy). For backward compatibility I would add reading the key from the headers additional. As in you can use both ways.

robmarkcole commented 3 years ago

I think it is a good suggestion, but also a significant breaking change if the current approach is dropped

svrooij commented 3 years ago

No I was suggesting to make something like:

So get it from the header and if that is empty revert to the current solution.

const apiKey = req.Headers.Authorization ?? currentImplementation();