Skip to content

Issue #53 — API key management #450

Description

@GoSTEAN

Title: [Auth] Implement API key generation and validation for oracle clients

Tags: backend, auth, oracle, feature, security

Description:
Oracle services and automated systems authenticate via API keys instead of JWT to avoid token expiry issues.

Acceptance Criteria:

  • POST /admin/api-keys (admin only) — generates a scoped API key (oracle, read-only).
  • API key is a 32-byte random hex string; stored as bcrypt hash.
  • api-key.middleware.ts validates X-API-Key header and attaches the key's scope to req.
  • DELETE /admin/api-keys/:id — revokes a key immediately.
  • GET /admin/api-keys — lists all keys with metadata (never the raw key after creation).
  • Integration test: create key → use it → revoke → rejected.

Files: src/middleware/api-key.middleware.ts, src/routes/admin.routes.ts


Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions