To ensure only authorized clients can access API endpoints, add a client key that is required in the HTTP headers.
Add a domain entity that maps to a new table:
installation_clients
id PK int
installation_id uuid
name varchar
client_key uuid
Before the authorization token check is performed, every API request should be checked for a header with the key "ClientKey". If the header is not present, or its value does not match one of the values in this new table, an unauthorized response should be returned.
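A sketch of the check described above, added here as an illustration and not taken from the project's code. It assumes an in-memory SQLite copy of installation_clients with constructed sample keys; the function names, the token_auth callback and the choice to reject a repeated ClientKey header are hypothetical.

```python
import sqlite3
import uuid

def make_db():
    """Build installation_clients as specified above, with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE installation_clients ("
        " id INTEGER PRIMARY KEY,"
        " installation_id TEXT NOT NULL,"
        " name TEXT NOT NULL,"
        " client_key TEXT NOT NULL UNIQUE)"
    )
    db.executemany(
        "INSERT INTO installation_clients (installation_id, name, client_key)"
        " VALUES (?, ?, ?)",
        [  # constructed values, not real keys
            ("11111111-1111-4111-8111-111111111111", "mobile-app",
             "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"),
            ("11111111-1111-4111-8111-111111111111", "partner-portal",
             "cccccccc-cccc-4ccc-8ccc-cccccccccccc"),
        ],
    )
    return db

def check_client_key(db, headers):
    """Return (id, installation_id, name) for a known ClientKey, else None."""
    # HTTP header names are case-insensitive, so compare lowercased.
    values = [v for k, v in headers if k.lower() == "clientkey"]
    if len(values) != 1:  # absent, or sent more than once (assumption: reject)
        return None
    try:
        # Parse as a UUID so malformed input never reaches the query,
        # and normalise to the lowercase hyphenated form stored in the table.
        presented = str(uuid.UUID(values[0].strip()))
    except ValueError:
        return None
    return db.execute(
        "SELECT id, installation_id, name FROM installation_clients"
        " WHERE client_key = ?",
        (presented,),
    ).fetchone()

def handle_request(db, headers, token_auth):
    """Run the client key gate first; only then hand over to token auth."""
    if check_client_key(db, headers) is None:
        return 401, "Unauthorized"
    return token_auth(headers)
```

The 401 body is the same whether the header is missing, malformed or unknown, so the response does not reveal which case applied.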