API Key Module

The API Key Module provides API-key-related features in your Medusa and Node.js applications.

How to Use API Key Module's Service#

Use the API Key Module's main service by resolving from the Medusa container the resource Modules.API_KEY imported from @medusajs/framework/utils.

For example:


Features#

API Key Types and Management#

Manage API keys in your store. You can create both publishable and secret API keys for different use cases, such as:

  • Publishable API Key associated with resources like sales channels.
  • Authentication token for admin users to access Admin API Routes.
  • Password reset tokens when a user or customer requests to reset their password.
Code
1const pubApiKey = await apiKeyModuleService.createApiKeys({2  title: "Publishable API key",3  type: "publishable",4  created_by: "user_123",5})6
7const secretApiKey = await apiKeyModuleService.createApiKeys({8  title: "Authentication Key",9  type: "secret",10  created_by: "user_123",11})

Token Verification#

Verify tokens of secret API keys to authenticate users or actions, such as verifying a password reset token.

Code
1const authenticatedToken = await apiKeyModuleService.authenticate("sk_123")2
3if (!authenticatedToken) {4  console.error("Couldn't verify token")5} else {6  console.log("Token verified successfully!")7}

Revoke Keys#

Revoke keys to disable their use permenantly.

Code
1const revokedKey = await apiKeyModuleService.revoke("apk_1", {2  revoked_by: "user_123",3})

Roll API Keys#

Roll API keys by revoking a key then re-creating it.

Code
1const revokedKey = await apiKeyModuleService.revoke("apk_1", {2  revoked_by: "user_123",3})4
5const newKey = await apiKeyModuleService.createApiKeys({6  title: revokedKey.title,7  type: revokedKey.type,8  created_by: revokedKey.created_by,9})
Was this page helpful?
Edit this page