Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Key auth

4,912 sites Security covered Key ecosystem
View on drupal.org

This module provides simple, user-specific key-based authentication, ideal for APIs that don't require usernames or passwords. It allows keys to be detected via headers or query parameters and securely stored within user entities.

Provides simple key-based authentication on a per-user basis similar to basic_auth but without requiring usernames or passwords. This is ideal for sites that expose consumer-facing APIs via rest, jsonapi, or something similar.

Keys are stored in the user entity so there are no additional tables or entities.

Available configuration

  • Optionally automatically generate a key for users when accounts are created
  • Key length (defaults to 32 characters)
  • Control the parameter name that contains the key (defaults to api-key)
  • Detect the key via a header, query, or both

Setup and usage

  • Remove View published content permission from role, you are using this module for.
  • Install the module.
  • Grant users the Use key authentication permission.
  • Configure the basic settings at admin/config/services/key-auth.
  • Users with adequate permissions can view/update/delete their key at user/{user}/key-auth.
  • To use with core rest, enable the key_auth authentication provider for your endpoints of choice.
  • To use with jsonapi, no additional configuration is required.
  • If Header detection is enabled, pass in a header with the name chosen in the configuration, and a value of your user's key (ie, api-key: b9a9a0ee50ceab7191282b51c).
  • If Query detection is enabled, include a query parameter in the endpoint URL with the name chosen in the configuration, and a value of your user's key (ie, ?api-key=b9a9a0ee50ceab7191282b51c).

Please Note:

To deny the anonymous user role access to a REST endpoint, one need to change permissions and deny the anonymous user the permission "View published content". Then one can enable this module and use Key authentication (as an alternative to Basic authentication) to get access to the endpoint.

Activity

Total releases
1
First release
Mar 2025
Latest release
1 year ago
Releases (12 mo)
0 ▼ from 1
Maintenance
Dormant

Releases

Version Type Release date
2.x-dev Dev Mar 7, 2025