Title: [Auth] Implement API key generation and validation for oracle clients
Tags: backend, auth, oracle, feature, security
Description:
Oracle services and automated systems authenticate via API keys instead of JWT to avoid token expiry issues.
Acceptance Criteria:
Files: src/middleware/api-key.middleware.ts, src/routes/admin.routes.ts
Title:
[Auth] Implement API key generation and validation for oracle clientsTags:
backend,auth,oracle,feature,securityDescription:
Oracle services and automated systems authenticate via API keys instead of JWT to avoid token expiry issues.
Acceptance Criteria:
POST /admin/api-keys(admin only) — generates a scoped API key (oracle,read-only).api-key.middleware.tsvalidatesX-API-Keyheader and attaches the key's scope toreq.DELETE /admin/api-keys/:id— revokes a key immediately.GET /admin/api-keys— lists all keys with metadata (never the raw key after creation).Files:
src/middleware/api-key.middleware.ts,src/routes/admin.routes.ts