keygen-sh / keygen-api

Keygen is a fair source software licensing and distribution API built with Ruby on Rails. For developers, by developers.
https://keygen.sh

Allow calling APIs with `/accounts/<account_id>/` in the singleplayer mode #812

Closed aminya closed 2 months ago

aminya commented 2 months ago

The documentation of the singleplayer mode specifies that the `/accounts/<account_id>/` prefix "can" be removed, meaning it is optional and can also be provided. However, based on my tests, if the account id is provided, the server returns 404, and the prefix "must" be removed.

I am working on a Rust SDK for keygen-api, and this difference makes creating the SDK more complex. Could you make it possible to also provide the account_id in the singleplayer mode, so that the SDKs for both modes can use the same APIs and codebase without needing special conditions?

ezekg commented 2 months ago

This is already supported. If you're receiving a 404, it's because your KEYGEN_HOST environment variable is not configured correctly, so the router fails to route to routes with the /accounts prefix. It should be set to the full domain you're hosting Keygen at, e.g. licensing.example.com. Please refer to the docs on required configuration: https://keygen.sh/docs/self-hosting/#configuration

aminya commented 2 months ago

My keygen host is correctly set, and I can confirm it with either of these two:

```
curl --location 'https://localhost:443/v1/ping'
curl --location --request POST 'https://localhost:443/v1/tokens' \
--header 'Content-Type: application/vnd.api+json' \
--header 'Accept: application/vnd.api+json' \
--header 'Authorization: Basic ??????????='
```

However, when I try {{baseUrl}}/accounts/:account/tokens, it doesn't work. I use the same account id I set in KEYGEN_ACCOUNT_ID.

```
curl --location --request POST 'https://localhost:443/v1/accounts/?????????/tokens' \
--header 'Content-Type: application/vnd.api+json' \
--header 'Accept: application/vnd.api+json' \
--header 'Authorization: Basic ?????????'
```

Here's the response log:

keygen-api-1  | I, [2024-04-14T07:09:37.924373 #37]  INFO -- : [************************************] method=POST path=/v1/accounts/************************************/tokens format=jsonapi controller=ErrorsController action=show status=404 duration=5.79 view=0.06 db=0.00 host=keygen-api request_id=************************************ api_revision=055c872 api_version=1.5 query_params=N/A account_id=N/A account_slug=N/A env_id=N/A env_code=N/A bearer_type=N/A bearer_id=N/A token_id=N/A authn=N/A authz=N/A ip=********** user_agent=curl/7.81.0 origin=N/A time=2024-04-14 07:09:37 UTC code=NOT_FOUND encoded_response=eyJtZXRhIjp7ImlkIjoiYTNkNTI2YzctNTg0Zi00YzFhLWI5M2UtNmZmZjliYWMxZTljIn0sImVycm9ycyI6W3sidGl0bGUiOiJOb3QgZm91bmQiLCJkZXRhaWwiOiJUaGUgcmVxdWVzdGVkIGVuZHBvaW50IHdhcyBub3QgZm91bmQgKGNoZWNrIHlvdXIgSFRUUCBtZXRob2QsIEFjY2VwdCBoZWFkZXIsIGFuZCBVUkwgcGF0aCkiLCJjb2RlIjoiTk9UX0ZPVU5EIn1dfQ== rate_limited=false rate_reset=2024-04-14 07:10:00 +0000 rate_window=30 rate_count=2 rate_limit=60 rate_remaining=58
aminya commented 2 months ago

Okay, I found the issue. In the development mode, the subdomain has to be explicitly set to api, meaning the host should be something like api.example.com. Any other format would not work because of this check:

https://github.com/keygen-sh/keygen-api/blob/c73f7b01239d19064bef19f32b4dda04398e1eb7/config/routes.rb#L24-L39

ezekg commented 2 months ago

Ah, okay. Why are you running Keygen CE in development mode? (Maybe you're doing so unintentionally since it's the default Rails environment.)

You should always use RAILS_ENV=production when running Keygen CE anywhere except localhost (for development purposes only). I'll add a note about this to the docs, and also update the default environment to be production for those that don't use the official Docker image.

The official Docker image automatically runs in production mode. Running in development mode will reduce performance and can introduce security issues.
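
A diagnostic sketch for the symptom discussed in this thread, added here as an example and not code from the keygen-api project or from either commenter: it parses request log lines in the format shown above and flags `/accounts/<id>/` requests that fell through to `ErrorsController` with no account resolved. The helper names `parse_fields` and `route_miss`, the sample lines and the `TokensController` name are constructed for illustration.

```ruby
require "json"

# Split a request log line into key=value fields. Values may contain spaces
# (time=, rate_reset=), so each value runs until the next " key=" or line end.
def parse_fields(line)
  line.scan(/(\w+)=(.*?)(?=\s+\w+=|\z)/).to_h
end

# Return a diagnosis when an /accounts/<id>/ request fell through to the
# catch-all 404 without an account being resolved; nil for any other line.
# In the thread this pattern turned out to be host-based routing (KEYGEN_HOST,
# and the api subdomain requirement in development mode).
def route_miss(line)
  f = parse_fields(line)
  return nil unless f["status"] == "404" && f["controller"] == "ErrorsController"
  return nil unless f["path"].to_s.match?(%r{\A/v1/accounts/[^/]+/})
  return nil unless f["account_id"] == "N/A"

  begin
    # encoded_response carries the JSON error body, base64-encoded
    body = JSON.parse(f["encoded_response"].to_s.unpack1("m"))
  rescue JSON::ParserError
    body = {}
  end
  body = {} unless body.is_a?(Hash)
  { path: f["path"], host: f["host"], code: body.dig("errors", 0, "code") }
end

# Constructed sample lines modelled on the log format above (values made up).
ACCOUNT = "00000000-0000-0000-0000-000000000000"
ERR_B64 = ['{"errors":[{"title":"Not found","code":"NOT_FOUND"}]}'].pack("m0")
SAMPLE_MISS = "I, [2024-01-01T00:00:00.000000 #1]  INFO -- : [req-1] method=POST " \
  "path=/v1/accounts/#{ACCOUNT}/tokens controller=ErrorsController action=show " \
  "status=404 host=keygen-api account_id=N/A time=2024-01-01 00:00:00 UTC " \
  "code=NOT_FOUND encoded_response=#{ERR_B64} rate_limited=false"
SAMPLE_OK = "I, [2024-01-01T00:00:01.000000 #1]  INFO -- : [req-2] method=POST " \
  "path=/v1/accounts/#{ACCOUNT}/tokens controller=TokensController action=generate " \
  "status=201 host=api.example.com account_id=#{ACCOUNT} rate_limited=false"

if __FILE__ == $0
  [SAMPLE_MISS, SAMPLE_OK].each do |line|
    hit = route_miss(line)
    puts(hit ? "route miss: #{hit}" : "ok")
  end
end
```
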