Unify and clarify how to write "api-key" vs. "api_key" vs. "apikey" and stick to (Swagger) standards?

/** * Retrieve key from request. * * @param \Symfony\Component\HttpFoundation\Request $request * The request object that the service will respond to. * * @return bool * True if api key is present */ public function getKey(Request $request) { // Exempt edit/delete form route. $route_name = $this->currentRouteMatch->getRouteName(); if (str_contains($route_name ?? '', 'entity.api_key')) { return FALSE; } $form_api_key = $request->request->get('api_key'); if (!empty($form_api_key)) { return $form_api_key; } $query_api_key = $request->query->get('api_key'); if (!empty($query_api_key)) { return $query_api_key; } $header_api_key = $request->headers->get('apikey'); if (!empty($header_api_key)) { return $header_api_key; } return FALSE; }

Comments & Activities

Issue created by @Anybody
Comment about 1 year ago →
🇩🇪Germany markaspot
Thank you for looking into this. I suspect the module's description might be based on version 7.x, prior to merging it with a similar module resulting in the 3.x branch. However, I’m not entirely certain about this. I'm wondering if the api-key parameter, which could have been relevant in the D7 version is still relevant. Anyway I am open to a configurable option, but I think this would need a new maintainership, as my time constraints prevent me from keeping this module alive. Sure it would be easy to edit the module description, if it's just a typo.
Comment 11 months ago →
🇩🇪Germany Anybody Porta Westfalica
@Maintainers: I'd very much like to read your feedback here.

This is my suggestion:
1. Make "api_key" the default for new installations (for all methods) but keep the old key for existing sites
2. Make the key configurable (per method)

What do you think?

This way it would be self-documenting in docs and we'd have a very flexible solution.
Assigned to Grevil
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
Let's do it like described in #3!
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
Also see 📌 Type error in documentation Active
Comment 2 months ago →
🇩🇪Germany Anybody Porta Westfalica
@grevil also note 💬 JSON:API & RESTful Web Services compatibility? Active - whatever that means.
Comment 2 months ago →
🇩🇪Germany Grevil
Fixed through 🐛 namespace "api_key: causes access denied if a form has element also called 'api_key' Fixed .
Comment about 2 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Unify and clarify how to write "api-key" vs. "api_key" vs. "apikey" and stick to (Swagger) standards?

Problem/Motivation

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Comments & Activities