
API Key management for REST APIs

Open koolgax99 opened this issue 3 years ago • 3 comments

Description

Currently we don't have any sort of keys to our API for authorization purposes.

Proposed Solution

This feature will introduce the concept of API keys in the PEcAn REST APIs. An API key shall be passed by the user in the header X-API-Key.

The API would be more secure now, and in the future we can use this API key to track the requests from the user. This feature has a lot of future prospects in itself and it would be good to have it implemented.

koolgax99 avatar Aug 03 '22 19:08 koolgax99

I would recommend against making a key a general requirement for the PEcAn API, but I could see using it to restrict access for specific POST features that we might not want anyone to execute. It could also be acceptable to use keys to relax limits on the number of queries a user could submit per day or per hour (e.g. NEON does this). But in a general sense I don't think it would be FAIR to require a key for any GET queries.

mdietze avatar Aug 03 '22 19:08 mdietze

Yes @mdietze sir, so we could have the API key mandatory for all the POST requests that are done to the API server. We can refrain from implementing the API key for GET requests.

However, a few of the orgs do this for GET requests too, in order to track the user requests, and sometimes they don't want the user to hit it multiple times.

koolgax99 avatar Aug 03 '22 19:08 koolgax99
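The policy the comments above converge on (key in X-API-Key required for POST, GET left open, a valid key relaxing the query quota), sketched as an added example that is not code from this thread or from PEcAn. The function names, the hourly quotas, the status codes and the in-memory key table are assumptions made for illustration.

```python
import hashlib
import hmac

def _digest(key: str) -> str:
    # Keep only SHA-256 digests so a leaked table holds no usable keys.
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample data: one issued key and its owner.
KEY_OWNERS = {_digest("demo-key-alice"): "alice"}

KEY_REQUIRED_METHODS = {"POST"}  # per the thread: POST needs a key, GET does not
ANON_LIMIT = 100                 # assumed hourly quota without a key
KEYED_LIMIT = 1000               # assumed relaxed quota with a valid key

def lookup_owner(presented: str):
    """Return the owner of a presented key, or None if it is unknown."""
    candidate = _digest(presented)
    for stored, owner in KEY_OWNERS.items():
        # Constant-time comparison avoids leaking digest prefixes via timing.
        if hmac.compare_digest(stored, candidate):
            return owner
    return None

def authorize(method: str, headers: dict, requests_this_hour: int = 0):
    """Return (HTTP status, owner) for one incoming request."""
    # HTTP header names are case-insensitive.
    presented = next(
        (v for k, v in headers.items() if k.lower() == "x-api-key"), None
    )
    owner = lookup_owner(presented) if presented else None
    # Design choice (assumption): a key that is sent but invalid is rejected
    # even on GET, so a mistyped key is not silently treated as anonymous.
    if presented and owner is None:
        return 401, None
    if method.upper() in KEY_REQUIRED_METHODS and owner is None:
        return 401, None
    limit = KEYED_LIMIT if owner else ANON_LIMIT
    if requests_this_hour >= limit:
        return 429, owner  # over quota: anonymous and keyed limits differ
    return 200, owner

if __name__ == "__main__":
    print(authorize("GET", {}))                                 # open read
    print(authorize("POST", {}))                                # key missing
    print(authorize("POST", {"X-API-Key": "demo-key-alice"}))   # keyed write
```

The owner returned alongside the status is what a server would log to attribute requests to a key holder.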

This issue is stale because it has been open 365 days with no activity.

github-actions[bot] avatar Aug 04 '23 00:08 github-actions[bot]