Skip to content

API key validation filter #222

Description

@shaneutt

API key validation filter with header/query extraction and backend lookup.

Requirements

  • Extract API key from configurable header (e.g. X-API-Key) or query parameter
  • Lookup backend: in-memory map or KV store registry
  • Constant-time comparison to prevent timing attacks
  • Optional: map API key to tenant identity in FilterContext
  • Return 401 on missing key, 403 on invalid key

Implementation Notes

  • Implement as HttpFilter under filter/src/builtins/http/security/
  • Use subtle::ConstantTimeEq or equivalent for comparison
  • KV store integration for dynamic key management

Parent epic: #12

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Fields

    No fields configured for Task.

    Projects

    Status
    Next

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions