It seems like in-house is the way to go since there are no other alternatives.
Things we would have to build:
- Generating API Keys (with expiry)
- Storing API Keys securely
- Revoking API Keys
- Adding metadata to API Keys
It seems like there could be a generic API to power all of that, while still enabling applications to be opinionated about whether the incoming request is authenticated and has the right permissions.
Things we would have to build:
It seems like there could be a generic API to power all of that, while still enabling applications to be opinionated about whether the incoming request is authenticated and has the right permissions.