feat: API Keys by oxypomme · Pull Request #271 · ezpaarse-project/ezmesure

oxypomme · 2026-05-28T11:40:21Z

API

Added API Key management
- Allows for keys scoped to a user (cli, scripts, etc.)
  - Permissions of user are passed to the key
- Allows for keys scoped to an institution (crons, etc.)
  - Keys are fine grained and user defined
Added auth flow for API Keys
- Renamed middlewares (requireJWT -> requireAuth)
- requireJWT still exists but only checks for JWT / JWE and reject API keys
Added user permissions api-keys:read and api-keys:write for managing API keys scoped to institution
- Keys scoped to an institution can't have those permissions
API Keys can't manage other API Keys

Front

Added API key management for users
- Added in the /profile page
- Merged the /token page with the /profile
- Added banner to explicit that app tokens (old JWTs) are deprecated

Added API key management for admins

Added API key form (admins are asked to specify user OR institution)

Added API key managements for institution members

might change that to the ones with permission on repositories and/or aliases

the correct rights

oxypomme and others added 28 commits August 27, 2025 15:33

feat(api): added API keys into DB

bf45656

feat(api): added api keys to auth logic

17c728a

feat(api): creating a elastic user for every api key

09e2926

might change that to the ones with permission on repositories and/or aliases

feat(api): logs routes can now use API key instead of user JWT

74953d3

feat(api): added routes for instituions api keys

3bb9069

fix(api): added missing locales entries

bfe259e

fix(api): fixed activeUpdatedAt not beign updated on api keys

c4af5bd

feat(front): added page to manage API keys of institution

5bc46fe

feat(front): added links to api keys management page

bbe172f

feat(front): shows API key when created

1579248

fix(api): fixed API keys that never expires

c5a2f42

feat(api): added routes to manage api keys of current user

8ba71ba

feat(front): added interface to manage api keys of current user

a9d53d0

feat(api): added routes to manage api keys from admin

8218439

feat(front): added interface to manage api keys

8c7ec9f

fix(api): prevent privilege escalation using API keys

e33f671

fix(front): fixed pattern field when creating api keys

9be64a9

docs(api): added openapi for api-keys routes

f87648f

fix(front): added missing texts in API key form

58e2a29

feat(api): added import route for API keys

08c9455

feat(front): added api keys to sidebar menu

1f81c9c

feat(front): hide/disable features/repos/aliases when user doesn't have

8a2f976

the correct rights

Merge branch 'develop' into feature/api-keys

21659e2

Merge branch 'feature/oidc' into feature/api-keys

33267ce

Merge branch 'develop' into feature/api-keys

6d1deb7

Merge branch 'develop' into feature/api-keys

0f757b6

fix(front): fixed middlewares of api key management

3ee8e9c

fix(api): fixed name of apiKeyPermissions of RepositoryAlias

c552119

oxypomme requested a review from nojhamster May 28, 2026 11:40

oxypomme added the enhancement label May 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: API Keys#271

feat: API Keys#271
oxypomme wants to merge 28 commits into
developfrom
feature/api-keys

oxypomme commented May 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

oxypomme commented May 28, 2026

API

Front

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant