robmarkcole
commented
3 years ago I think it is a good suggestion, but also a significant breaking change if the current approach is dropped
Open svrooij opened 3 years ago
robmarkcole
commented
3 years ago I think it is a good suggestion, but also a significant breaking change if the current approach is dropped
svrooij
commented
3 years ago No I was suggesting to make something like:
So get it from the header and if that is empty revert to the current solution.
const apiKey = req.Headers.Authorization ?? currentImplementation();
I just found that deepstack supports some security by adding the key to the request body. In almost all other apps the api key has to be send as an http header.
would it be possible to also support sending it in the http headers? That makes it easier to integrate with other security measures (like reverse proxy). For backward compatibility I would add reading the key from the headers additional. As in you can use both ways.