Hrithik.Security.ApiKeyManagement
1.0.0
dotnet add package Hrithik.Security.ApiKeyManagement --version 1.0.0
NuGet\Install-Package Hrithik.Security.ApiKeyManagement -Version 1.0.0
<PackageReference Include="Hrithik.Security.ApiKeyManagement" Version="1.0.0" />
<PackageVersion Include="Hrithik.Security.ApiKeyManagement" Version="1.0.0" />
<PackageReference Include="Hrithik.Security.ApiKeyManagement" />
paket add Hrithik.Security.ApiKeyManagement --version 1.0.0
#r "nuget: Hrithik.Security.ApiKeyManagement, 1.0.0"
#:package Hrithik.Security.ApiKeyManagement@1.0.0
#addin nuget:?package=Hrithik.Security.ApiKeyManagement&version=1.0.0
#tool nuget:?package=Hrithik.Security.ApiKeyManagement&version=1.0.0
Hrithik.Security.ApiKeyManagement
Enterprise-grade API key generation, validation, revocation, expiration, and scope-based authorization for ASP.NET Core APIs.
Designed for fintech, banking, SaaS, and partner integrations, this library helps teams implement API keys correctly and securely, avoiding common pitfalls like plaintext storage and weak authorization.
Features
- Secure API key generation (cryptographically strong)
- Hashed API key storage (never stores plaintext keys)
- Scope-based authorization per endpoint
- Key expiration support
- Instant key revocation
- Zero-downtime key rotation workflows
- ASP.NET Core middleware + attributes
- Pluggable storage (in-memory, EF Core, custom)

Installation

```
dotnet add package Hrithik.Security.ApiKeyManagement
```
Quick Start

1. Register Services

```csharp
using Hrithik.Security.ApiKeyManagement.Extensions;
using Hrithik.Security.ApiKeyManagement.Stores;

builder.Services.AddApiKeyManagement(options =>
{
    // Placeholder value: load the real secret from configuration or a secret store.
    options.HashingSecret = "your-secure-server-secret";
});

// Development / testing
builder.Services.AddSingleton<IApiKeyStore, InMemoryApiKeyStore>();
```

2. Add Middleware (Order Matters)

```csharp
app.UseApiKeyManagement();
```

Place this before request signing, replay protection, or authorization middleware.

3. Protect Endpoints with Scopes

```csharp
using Hrithik.Security.ApiKeyManagement.Attributes;

// Only keys that carry the payments:write scope may call this endpoint.
app.MapPost("/transfer",
    [RequireApiKeyScope("payments:write")]
    (decimal amount) =>
    {
        return Results.Ok("Transfer successful");
    });
```
Generating API Keys

```csharp
using Hrithik.Security.ApiKeyManagement.Models;

var apiKey = apiKeyService.GenerateKey(
    name: "IBM Production",
    scopes: new[]
    {
        new ApiKeyScope("payments:read"),
        new ApiKeyScope("payments:write")
    },
    expiresAt: DateTime.UtcNow.AddDays(30)
);
```

Warning: The raw API key is shown only once. Store it securely on the client side.
How API Key Validation Works
1. Client sends X-API-KEY header
2. Server hashes the key
3. Hashed value is compared against stored hash
4. Key status, expiry, and scopes are enforced
5. Request proceeds only if valid
Key Rotation (Zero Downtime)
This library supports safe key rotation workflows:
1. Generate a new API key
2. Keep the old key active temporarily
3. Distribute the new key to the client
4. Revoke or expire the old key

```csharp
await apiKeyService.RevokeAsync(oldKeyId);
```

Rotation scheduling and client notification are intentionally left to the host application.
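
The validation steps and the rotation workflow described above, as an added sketch that is not the package's own code. `KeyRecord`, `Issue`, `Validate`, the in-memory dictionary and the choice of HMAC-SHA256 as the keyed hash are assumptions made for illustration; the secret and key names are constructed values.

```csharp
// Added illustration: KeyRecord, Issue, Validate and the HMAC-SHA256 choice are
// assumptions for this sketch, not the package's API or internals.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

var secret = Encoding.UTF8.GetBytes("constructed-demo-secret"); // constructed value
var store = new Dictionary<string, KeyRecord>();                // hash -> record

// Keyed hash of the raw key under the server secret.
string Hash(string rawKey) =>
    Convert.ToHexString(HMACSHA256.HashData(secret, Encoding.UTF8.GetBytes(rawKey)));

// Generation: 256 bits from the OS CSPRNG; only the hash is persisted.
string Issue(string name, string[] scopes, DateTime expiresAt)
{
    var rawKey = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
    store[Hash(rawKey)] = new KeyRecord(name, scopes, expiresAt);
    return rawKey; // handed to the client once, never stored
}

// Validation: hash the presented key, look up the stored hash, then enforce
// status, expiry and scope. Every failure path returns the same answer.
bool Validate(string presented, string requiredScope) =>
    !string.IsNullOrEmpty(presented)
    && store.TryGetValue(Hash(presented), out var entry)
    && !entry.Revoked
    && entry.ExpiresAt > DateTime.UtcNow
    && entry.Scopes.Contains(requiredScope);

var oldKey = Issue("partner-a", new[] { "payments:read" }, DateTime.UtcNow.AddDays(30));
Console.WriteLine(Validate(oldKey, "payments:read"));           // scope the key was issued with
Console.WriteLine(Validate(oldKey, "payments:write"));          // scope the key was not issued with
Console.WriteLine(Validate("not-a-real-key", "payments:read")); // key that was never issued

// Rotation: the new key is issued while the old one stays active, then the old one is revoked.
var newKey = Issue("partner-a", new[] { "payments:read" }, DateTime.UtcNow.AddDays(30));
Console.WriteLine(Validate(oldKey, "payments:read") && Validate(newKey, "payments:read"));
store[Hash(oldKey)].Revoked = true;
Console.WriteLine(Validate(oldKey, "payments:read"));           // old key after revocation
Console.WriteLine(Validate(newKey, "payments:read"));           // new key after revocation of the old one

record KeyRecord(string Name, string[] Scopes, DateTime ExpiresAt)
{
    public bool Revoked { get; set; }
}
```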
Design Philosophy
- API keys represent integration identity, not end users
- Keys are immutable and auditable
- Security decisions are explicit and deterministic
- No hidden behavior or silent credential changes
Storage Options

| Store | Use Case |
|---|---|
| InMemoryApiKeyStore | Local dev, tests, demos |
| EF Core Store | Production (coming next) |
| Custom Store | Redis, DynamoDB, Vault, etc. |

Security Best Practices
- Never store API keys in plaintext
- Always rotate keys periodically
- Use scopes instead of multiple APIs
- Combine with request signing and replay protection for maximum security
Typical Use Cases
- Fintech & payment APIs
- Partner integrations (B2B)
- Internal microservices
- Secure public APIs
- Banking & regulated systems
License
MIT License
Contributing
Issues, discussions, and PRs are welcome. Security improvements and feedback are highly appreciated.
Final Note
This library focuses on doing one thing well: secure, correct, and maintainable API key management.
If you're building serious APIs, this gives you a solid foundation.
Contact
Author: Hrithik
Email: hrithikkalra11@gmail.com
NuGet: Hrithik.Security.ReplayProtection
Support my work
If you find this package helpful, consider buying me a coffee or supporting its development: https://github.com/sponsors/hrithikalra
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net8.0
  - Microsoft.AspNetCore.Http.Abstractions (>= 2.3.9)
  - Microsoft.AspNetCore.Mvc.Abstractions (>= 2.3.9)
  - Microsoft.AspNetCore.Mvc.Core (>= 2.3.9)
  - Microsoft.Extensions.Options (>= 10.0.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0 | 134 | 1/31/2026 |