CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-13 21:01:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Concepts page for api keys

Browse Source
This commit is contained in:
Madison Kennedy 2025-04-22 12:08:04 +00:00
parent 9746673a0a
commit 0c2682afe2
1 changed files with 206 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

206
docs/fern/docs/pages-template/concepts/api-keys.mdx Normal file
View File

@ -0,0 +1,206 @@
---
slug: concepts/api-keys
subtitle: Create and manage API keys for users and teams
---
API keys provide a secure way for your users to authenticate with your application's backend.
They enable programmatic access to your API services, allowing users to interact with their own data without requiring username/password authentication for each request.
yourou can offer both user-specific and team-based API keys that can be created, managed, and revoked as needed.
## Overview
API keys allow your users to access your backend services programmatically. Stack Auth provides two types of API keys:
### User API keys
User API keys are associated with individual users and allow them to authenticate with your API to access their own data. These keys can be created by users themselves or by administrators on behalf of users.
<Tabs>
<Tab title="Client">
```typescript
const user = await stackApp.getUser();
const apiKey = await user.createApiKey({
description: "My client application",
expiresAt: new Date(Date.now() + (90 * 24 * 60 * 60 * 1000)), // 90 days
isPublic: false,
});
```
</Tab>
<Tab title="Server">
```typescript
const user = await stackServerApp.getServerUserById("user-id-here");
const apiKey = await user.createApiKey({
description: "Admin-provisioned API key",
expiresAt: new Date(Date.now() + (30 * 24 * 60 * 60 * 1000)), // 30 days
isPublic: false,
});
```
</Tab>
</Tabs>
### Team API keys
Team API keys are associated with teams and provide access to team resources. These are useful for shared services or applications that need to access team data.
<Tabs>
<Tab title="Client">
```typescript
const user = await stackApp.getUser();
const team = await user.getTeam("team-id-here");
const teamApiKey = await team.createApiKey({
description: "Team integration service",
expiresAt: new Date(Date.now() + (60 * 24 * 60 * 60 * 1000)), // 60 days
isPublic: false,
});
```
</Tab>
<Tab title="Server">
```typescript
const team = await stackServerApp.getTeam("team-id-here");
const teamApiKey = await team.createApiKey({
description: "Admin-provisioned team API key",
expiresAt: new Date(Date.now() + (30 * 24 * 60 * 60 * 1000)), // 30 days
isPublic: false,
});
```
</Tab>
</Tabs>
## Setting Up API Keys in stack auth
To use API keys in your application, you need to enable them in your project settings. Navigate to the Stack Auth dashboard, select your project, and enable User API Keys and/or Team API Keys in the project settings.
## Working with API Keys
### Creating User API Keys
<Tabs>
<Tab title="Client">
```typescript
const apiKey = await user.createApiKey({
description: "Development environment key",
expiresAt: new Date(Date.now() + (90 * 24 * 60 * 60 * 1000)), // 90 days from now
isPublic: false,
});
```
</Tab>
<Tab title="Server">
```typescript
const userId = "user-id-here";
const user = await stackServerApp.getServerUserById(userId);
const apiKey = await user.createApiKey({
description: "API key created by server",
expiresAt: new Date(Date.now() + (90 * 24 * 60 * 60 * 1000)), // 90 days
isPublic: false,
});
```
</Tab>
</Tabs>
### Creating Team API Keys
<Tabs>
<Tab title="Client">
```typescript
const team = await user.getTeam("team-id-here");
const teamApiKey = await team.createApiKey({
description: "Team service integration",
expiresAt: new Date(Date.now() + (60 * 24 * 60 * 60 * 1000)), // 60 days
isPublic: false,
});
```
</Tab>
<Tab title="Server">
```typescript
const team = await stackServerApp.getTeam("team-id-here");
const teamApiKey = await team.createApiKey({
description: "Server-created team API key",
expiresAt: new Date(Date.now() + (60 * 24 * 60 * 60 * 1000)), // 60 days
isPublic: false,
});
```
</Tab>
</Tabs>
### Listing API Keys
<Tabs>
<Tab title="Client">
```typescript
// List user's API keys
const userApiKeys = await user.listApiKeys();
// List a team's API keys
const team = await user.getTeam("team-id-here");
const teamApiKeys = await team.listApiKeys();
// Using hooks in React components
const apiKeys = user.useApiKeys();
const teamApiKeys = team.useApiKeys();
```
</Tab>
<Tab title="Server">
```typescript
// List a specific user's API keys
const user = await stackServerApp.getServerUserById("user-id-here");
const userApiKeys = await user.listApiKeys();
// List a team's API keys
const team = await stackServerApp.getTeam("team-id-here");
const teamApiKeys = await team.listApiKeys();
```
</Tab>
</Tabs>
### Revoking API Keys
API keys can be revoked when they are no longer needed or if they have been compromised.
<Tabs>
<Tab title="Client">
```typescript
const apiKeys = await user.listApiKeys();
const apiKeyToRevoke = apiKeys.find(key => key.id === "api-key-id-here");
if (apiKeyToRevoke) {
await apiKeyToRevoke.revoke();
}
```
</Tab>
<Tab title="Server">
```typescript
const user = await stackServerApp.getServerUserById("user-id-here");
const apiKeys = await user.listApiKeys();
const apiKeyToRevoke = apiKeys.find(key => key.id === "api-key-id-here");
if (apiKeyToRevoke) {
await apiKeyToRevoke.revoke();
}
```
</Tab>
</Tabs>
### Checking API Key Validity
You can check if an API key is still valid:
```typescript
const apiKeys = await user.listApiKeys();
const apiKey = apiKeys.find(key => key.id === "api-key-id-here");
if (apiKey && apiKey.isValid()) {
// API key is valid
} else {
// API key is invalid (expired or revoked)
const reason = apiKey ? apiKey.whyInvalid() : "not found";
console.log(`API key is invalid: ${reason}`);
}
```