Here we need to find a mechanism to generate an API key and store it in a database as an encrypted value. All requests to the API need to pass it as a header called API_KEY; this value will be compared with what we have in our database, and only if it matches will we allow access to the API call.
Is there any best approach or suggestion to solve this in Java, maybe using Spring Security, a JWT token, or any other mechanism? Please suggest; I would highly appreciate the help. Any example or sample code snippet would be helpful.
CodePudding user response:
Maybe you could use PBKDF2? The popular Django framework uses that.
https://en.wikipedia.org/wiki/PBKDF2
CodePudding user response:
In case you want to store encrypted API keys in the DB and later validate them, you can use PasswordEncoder provided by Spring Security:
Spring Security’s PasswordEncoder interface is used to perform a one way transformation of a password to allow the password to be stored securely. Given PasswordEncoder is a one way transformation, it is not intended when the password transformation needs to be two way (i.e. storing credentials used to authenticate to a database). Typically PasswordEncoder is used for storing a password that needs to be compared to a user provided password at the time of authentication.
This tutorial provides some details on how you can configure and use PasswordEncoder.
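The one-way store-and-compare pattern both answers point to, as an added example that is not part of the original thread: it uses the JDK's PBKDF2 (the function named in the first answer) instead of Spring's PasswordEncoder so it runs without dependencies. Assumptions: Java 16+, a `<id>.<secret>` key format so the salted row can be looked up by id, an in-memory map standing in for the database table, an illustrative iteration count, and hypothetical class and method names.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ApiKeyDemo {
    // Stand-in for the database table: key id -> salt + PBKDF2 hash (assumed schema).
    record StoredKey(byte[] salt, byte[] hash) {}
    static final Map<String, StoredKey> TABLE = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();
    static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware

    static byte[] pbkdf2(String secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret.toCharArray(), salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static String randomToken(int bytes) {
        byte[] b = new byte[bytes];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b); // never contains '.'
    }

    // Issue a key "<id>.<secret>"; only the id, salt and hash are stored.
    static String issue() throws Exception {
        String id = randomToken(9), secret = randomToken(32);
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        TABLE.put(id, new StoredKey(salt, pbkdf2(secret, salt)));
        return id + "." + secret; // shown to the client once, never stored in clear
    }

    // Validate the value received in the API_KEY header.
    static boolean isValid(String header) throws Exception {
        int dot = header == null ? -1 : header.indexOf('.');
        if (dot < 1 || dot == header.length() - 1) return false; // malformed or empty secret
        StoredKey row = TABLE.get(header.substring(0, dot));
        if (row == null) return false; // unknown key id
        byte[] candidate = pbkdf2(header.substring(dot + 1), row.salt());
        return MessageDigest.isEqual(candidate, row.hash()); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        String key = issue();
        System.out.println(isValid(key) + " " + isValid(key + "x") + " " + isValid("unknown.value"));
    }
}
```

Because each stored hash is salted, the incoming header cannot be matched by hashing it and querying for equality; the non-secret id prefix is what selects the row to verify against.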