HttpApiKey Authentication


Getting Started with HttpApiKey Authentication

This guide will walk you through how to implement authentication using the httpApiKey security scheme in Glee.

Below is a sample asyncapi.yaml for a server with security requirements and the HttpApiKey security scheme:

## Server AsyncAPI Schema
asyncapi: 3.0.0
info:
  title: AsyncAPI IMDB Server
  version: 1.0.0
  description: This app is a dummy server that streams the trending/upcoming anime.
servers:
  trendingAnimeServer:
    host: 'localhost:8081'
    protocol: http
    security:
      - $ref: '#/components/securitySchemes/apiKey'

      ...

components:
  securitySchemes:
    apiKey:
      type: httpApiKey
      name: api_key
      in: query

A sample asyncapi.yaml for a client that implements some of the requirements of the server above:

## Client AsyncAPI Schema
servers:
  trendingAnime:
    host: localhost:8081
    protocol: http
    security:
      - $ref: '#/components/securitySchemes/apiKey'
  testwebhook:
    host: localhost:9000
    protocol: ws
x-remoteServers:
  - trendingAnime

  ...

components:
  securitySchemes:
    apiKey:
      type: httpApiKey
      name: api_key
      in: query

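The httpApiKey can be located in either the header or query parameter, as set by the in field of the security scheme. A key sent in the query string is part of the URL, so it can end up in access and proxy logs; sending it in a header avoids that.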

The client asyncapi.yaml file does not need to implement all the security requirements of the server; it only needs to implement the ones it uses, like httpApiKey here.

Client Side

Following the client asyncapi.yaml file above, create a file named trendingAnime.ts in the auth directory, as this is the server that has the security property.

touch auth/trendingAnime.ts

When using the HttpApiKey security scheme, it is important to pass the parameters as follows:

export async function clientAuth({ parsedAsyncAPI, serverName }) {
  return {
    // The property name must match the security scheme name in asyncapi.yaml.
    apiKey: process.env.APIKEY
  }
}

apiKey should be the name of the security requirement as specified in your asyncapi.yaml file, and its value should be a string.

Server Side

From the server asyncapi.yaml file above, create a file named trendingAnimeServer.ts in the auth directory, as this is the server that has the security property.

touch auth/trendingAnimeServer.ts

On the server side, you can retrieve the values as follows:

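export async function serverAuth({ authProps, done }) {
  // Read the key the client sent under the scheme's name (api_key).
  authProps.getHttpAPIKeys('api_key')

  // As written, the returned value is not checked before done(true) is called.
  done(true)
}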

getHttpAPIKeys(name) takes a name parameter that specifies which httpApiKey is desired, and returns an object containing the httpApiKey value sent from the client.
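
One way to validate the retrieved key before calling done, as an added example that is not part of the Glee documentation or code base: it compares the key in constant time and rejects the request when no key is configured or none was sent. The helper names isValidApiKey and extractKey, the server reading its expected key from the APIKEY environment variable, the exact shape returned by getHttpAPIKeys, and done(false) rejecting the request are assumptions.

```typescript
import { createHash, timingSafeEqual } from 'node:crypto'

// Hash both values so timingSafeEqual always receives equal-length buffers
// (it throws on a length mismatch) and the key length is not leaked.
const digest = (value: string): Buffer =>
  createHash('sha256').update(value, 'utf8').digest()

// Hypothetical helper: constant-time comparison that fails closed.
export function isValidApiKey(presented: unknown, expected: string | undefined): boolean {
  // Reject when the server has no key configured or the client sent none.
  if (!expected || typeof presented !== 'string' || presented.length === 0) {
    return false
  }
  return timingSafeEqual(digest(presented), digest(expected))
}

// Assumption: getHttpAPIKeys(name) may hand back the key as a string or as an
// object keyed by the scheme's name; normalise both shapes.
export function extractKey(result: unknown, name: string): unknown {
  if (result !== null && typeof result === 'object') {
    return (result as Record<string, unknown>)[name]
  }
  return result
}

export async function serverAuth({ authProps, done }: {
  authProps: { getHttpAPIKeys: (name: string) => unknown }
  done: (authenticated: boolean) => void
}) {
  const presented = extractKey(authProps.getHttpAPIKeys('api_key'), 'api_key')
  // Assumption: the server's expected key is in APIKEY, the same variable
  // name the client sample reads.
  done(isValidApiKey(presented, process.env.APIKEY))
}
```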
