API Key authentication strategy for Hapi.js
npm install hapi-auth-api-key

import Hapi from '@hapi/hapi'
import HapiAuthApiKey from 'hapi-auth-api-key'
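// Read the key from the environment only. There is deliberately no hard-coded
// fallback: a default key printed in documentation is known to everyone who
// has read it, so a server started without API_KEY would accept that key.
const VALID_API_KEY = process.env.API_KEY

/**
 * Builds and starts the example server.
 *
 * Listens on localhost:3000, registers hapi-auth-api-key with the configured
 * key, defines the 'api-key' strategy and protects GET / with it.
 *
 * @returns {Promise<void>} resolves once the server has started
 * @throws {Error} if the API_KEY environment variable is unset or empty
 */
const init = async () => {
  // Fail closed before the server is created.
  if (!VALID_API_KEY) {
    throw new Error('API_KEY environment variable must be set to a non-empty value')
  }

  const server = Hapi.server({
    port: 3000,
    host: 'localhost'
  })

  await server.register({
    plugin: HapiAuthApiKey,
    options: { apiKey: VALID_API_KEY }
  })

  server.auth.strategy('api-key', 'api-key')

  server.route({
    method: 'GET',
    path: '/',
    options: {
      auth: 'api-key'
    },
    handler: (request, h) => {
      // Record that the request was authenticated, but never write the key
      // itself to the log: log output is usually readable by more people and
      // systems than the secret should be.
      console.log('Authenticated request for %s', request.path)
      return 'Hello World!'
    }
  })

  await server.start()
  console.log('Server running on %s', server.info.uri)
}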
// Last-resort handler: print any unhandled promise rejection and exit with
// status 1 so a failed startup does not leave the process half-running.
const exitOnUnhandledRejection = (reason) => {
  console.log(reason)
  process.exit(1)
}
process.on('unhandledRejection', exitOnUnhandledRejection)
init()

By default, the plugin expects clients to send the API key in the x-api-key header with each request:
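curl -H "x-api-key: your-secret-api-key" http://localhost:3000/

Alternatively, you can configure the plugin to accept the API key as a query parameter by setting the queryParamName option. Keys sent in the query string are commonly recorded in server and proxy access logs and in browser history, so prefer the header unless a client cannot set one.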
The plugin accepts the following options during registration:
apiKey: The API key(s) that are valid for authentication. Can be:
- String: A single API key
  { apiKey: 'your-secret-api-key' }
- Array of strings: Multiple valid API keys
  { apiKey: ['key-1', 'key-2', 'key-3'] }
- Function: A function that receives the request and returns a string or array of strings
  { apiKey: (request) => request.headers['x-tenant-id'] === 'tenant-a' ? 'key-a' : 'key-b' }
- Promise: A promise that resolves to a string or array of strings
  { apiKey: fetchApiKeysFromDatabase() }
headerName: The name of the header to check for the API key. Defaults to x-api-key.
{ headerName: 'authorization' }

queryParamName: The name of the query parameter to check for the API key. Defaults to api-key.
{ queryParamName: 'key' }

Note: At least one of headerName or queryParamName must be specified (or left as default).