Replies: 1 comment
-
Hi, You can do this by writing a custom authenticator as described here. The first example near the top of this page should be sufficient. Don't forget to enable your authenticator in https://symfony.com/doc/current/security/custom_authenticator.html No need to use JWT bundle if you are issuing and governing the API key yourself. -- Raf. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
I'm implementing an API for my company and I've decided to try out api-platform, that seems fantastic to me. The main project is a Pimcore (based on Symfony 4) application. I've installed api-platform and managed to expose some entities, register some operations and serializations option.. no problem so far.
I'm however stuck on the authentication. I would avoid installing the JWT bundle if possible, since only very few user will have access to this API and they'll receive a token or apikey from us.
This token will be passed in the request header and be used for two main puroposes:
What's the best way to implement this in api-platform? I was thinking about the following options:
Are there other, better options to do this? Or I'm thinking in the wrong direction?
Beta Was this translation helpful? Give feedback.
All reactions