Xeku.ApiKey.WebApi
0.0.0.7
dotnet add package Xeku.ApiKey.WebApi --version 0.0.0.7
ASP.NET Core Web API module providing API Key authentication for XAF applications.
Features
- X-API-Key Header Authentication: Standard API Key authentication via HTTP header.
- XAF Security Integration: Integrates with XAF permission system via ClaimsPrincipal.
- Admin Management Endpoints: RESTful API endpoints for managing keys (admin only).
- Swagger Support: Built-in support for API Key authorization in Swagger UI.
- Multiple Auth Schemes: Works seamlessly alongside JWT authentication.
Authentication Flow
sequenceDiagram
Client->>API: Request with X-API-Key header
API->>ApiKeyAuthenticationHandler: Authenticate
ApiKeyAuthenticationHandler->>Database: Query ApiKeyInfo by hash
Database-->>ApiKeyAuthenticationHandler: ApiKeyInfo
ApiKeyAuthenticationHandler->>ApiKeyAuthenticationHandler: Create ClaimsPrincipal
ApiKeyAuthenticationHandler-->>API: AuthenticationTicket
API-->>Client: Response with user permissions
Installation
0. NuGet Package
dotnet add package Xeku.ApiKey.WebApi
1. Register XAF Authentication Provider
Add to the builder.Security block in Startup.cs:
builder.Security
    .AddAuthenticationProvider<ApiKeyAuthenticationProvider<ApplicationUser>>();
2. ⚠️ CRITICAL: Configure Antiforgery
WARNING: Skipping this step will cause ALL ApiKey requests to return HTTP 400 Bad Request!
XAF Web API includes built-in antiforgery protection that conflicts with API Key authentication. You MUST exclude the ApiKey and JWT Bearer schemes:
builder.Security
    .UseIntegratedMode(options => { ... })
    .AddPasswordAuthentication(options => { ... })
    .ConfigureAntiforgery(options =>
    {
        options.ExcludeAuthenticationSchemes.Add(ApiKeyAuthenticationHandler.SchemeName);
        options.ExcludeAuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
    });
3. Add ApiKey Authentication Service
Add after services.AddAuthentication().AddJwtBearer(...):
services.AddXekuApiKeyWebApi();
Note: AddXekuApiKeyWebApi() automatically configures ForwardDefaultSelector to route requests with X-API-Key header to the ApiKey authentication scheme.
4. Update Authorization Policy
services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .RequireXafAuthentication()
        .Build();
});
Tip: Since ForwardDefaultSelector handles routing, only JwtBearerDefaults.AuthenticationScheme is needed in the policy.
Usage
Add the X-API-Key header to HTTP requests:
curl -H "X-API-Key: cak_your-api-key" \
https://localhost:5001/api/odata/YourEntity
AI Agent Integration
Suggested Context
- Endpoint Protection: Use [Authorize(AuthenticationSchemes = "ApiKey")] for specific controllers.
- Audit Requirement: Always log the NameIdentifier claim returned by the API key handler.
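The two points above combined, as an added example that is not part of the package's own code: a controller restricted to the ApiKey scheme, and a middleware that logs the NameIdentifier claim for every request carrying X-API-Key. ReportsController and ApiKeyAuditMiddleware are hypothetical names, and the claim type is assumed to be the standard ClaimTypes.NameIdentifier.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

// Hypothetical controller: only the ApiKey scheme is accepted here, a JWT alone is rejected.
[ApiController]
[Route("api/[controller]")]
[Authorize(AuthenticationSchemes = "ApiKey")]
public class ReportsController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() =>
        Ok(new { caller = User.FindFirst(ClaimTypes.NameIdentifier)?.Value });
}

// Hypothetical audit middleware: records who called what, never the key value itself.
public sealed class ApiKeyAuditMiddleware
{
    private readonly RequestDelegate _next;
    private readonly ILogger<ApiKeyAuditMiddleware> _logger;

    public ApiKeyAuditMiddleware(RequestDelegate next, ILogger<ApiKeyAuditMiddleware> logger)
    {
        _next = next;
        _logger = logger;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        await _next(context); // run the pipeline first so the final User and status are known

        if (!context.Request.Headers.ContainsKey("X-API-Key")) return; // JWT-only traffic is out of scope

        // Assumption: the handler issues the standard ClaimTypes.NameIdentifier claim.
        var subject = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "(rejected)";
        _logger.LogInformation(
            "ApiKey request {Method} {Path} subject={Subject} authType={AuthType} status={Status}",
            context.Request.Method, context.Request.Path.Value, subject,
            context.User.Identity?.AuthenticationType ?? "(none)", context.Response.StatusCode);
    }
}

// Pipeline order (Program.cs / Startup.Configure):
//   app.UseAuthentication();
//   app.UseMiddleware<ApiKeyAuditMiddleware>();
//   app.UseAuthorization();
```

A log line with subject=(rejected) and status 401 is a failed key attempt; repeated ones from the same source are worth alerting on.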
Common Tasks
- "How do I add API Key support to my existing OData service?"
- "Generate an API key for user 'ServiceAccount' via the management API."
Related Projects
- Xeku.ApiKey - Core module
License
MIT License
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net8.0
  - DevExpress.ExpressApp (>= 25.2.3)
  - DevExpress.ExpressApp.Security (>= 25.2.3)
  - DevExpress.ExpressApp.WebApi (>= 25.2.3)
  - DevExpress.Persistent.BaseImpl.Xpo (>= 25.2.3)
  - Microsoft.Data.SqlClient (>= 6.1.2)
  - Xeku.ApiKey (>= 0.0.0.7)