|
|
|
|
|
|
by dsinghvi
1359 days ago
|
|
|
It seems like in-house is the way to go since there are no other alternatives. Things we would have to build: - Generating API Keys (with expiry)
- Storing API Keys securely
- Revoking API Keys
- Adding metadata to API Keys
It seems like there could be a generic API to power all of that, while still enabling applications to be opinionated about whether the incoming request is authenticated and has the right permissions. |
|
|