MongoDB Logo
ServerDriversCloudToolsGuides
Get MongoDB
Close ×
MongoDB Stitch
Introduction
Tutorials
Users & Authentication
Overview
User Management
Stitch Users
Configure Custom User Data
Finding a User
Viewing User Data
Managing User Accounts
Linking User Accounts
Working with Multiple User Accounts
Authentication Providers
Overview
Anonymous
Email/Password
API Key
Apple ID
Facebook OAuth 2.0
Google OAuth 2.0
Custom Function
Custom JWT
MongoDB Atlas
GraphQL
MongoDB Mobile
Functions
Triggers
External Services
Values & Secrets
Application Deployment
Hosting
Troubleshooting
Stitch Administration
Application Logs
Client SDKs
Release Notes
Stitch > Users & Authentication > Authentication Providers
API Key Authentication
On this page
Overview
Server API Keys
User API Keys
Configuration
Usage
Authenticate with an API Key
Create a User API Key
Create a Server API Key
Look up an Existing User Key
Enable or Disable an API Key
Delete an API Key
Overview
The API Key authentication provider allows users to log in using generated keys. There are two types of API keys in MongoDB Stitch: server keys and user keys.
Server API Keys
Server API keys are generated centrally in the Stitch UI and are associated with automatically created Stitch server users. Provide a server key to external applications and services to allow them to authenticate directly with Stitch.
User API Keys
User API keys are generated for specific application users by the client SDKs. You can allow devices or services to communicate with Stitch on behalf of a user by associating a unique user key with each device.
User keys are always associated with a user object created by another authentication provider. Each user can associate up to 20 user keys with their account.
Configuration
Stitch UI Import/Export
You can enable and configure the API Key authentication provider from the Stitch UI by selecting API Keys from the Users > Providers page.
Note
The API Key authentication provider does not have any provider-specific configuration options.
Usage
JavaScript SDK Android SDK iOS SDK
Authenticate with an API Key
To log a user in using an API key, instantiate a UserApiKeyCredential with the user’s API key and pass it to the StitchAuth.loginWithCredential() method.
const credential = new UserApiKeyCredential("")
Stitch.defaultAppClient.auth.loginWithCredential(credential)
.then(authedId => {
console.log(successfully logged in with id: ${authedId});
})
.catch(err => console.error(login failed with error: ${err}));
Create a User API Key
To create a new user API key, obtain a UserApiKeyAuthProviderClient instance, and call the createApiKey() method when a user is already logged in with a different, non-anonymous authentication provider. The API key will be associated with the logged in user and can be used to interact with Stitch on their behalf.
Important
Stitch will only show you the key’s value one time. Make sure to copy the value returned from createApiKey() somewhere safe, otherwise you will need to generate a new key.
const apiKeyClient = Stitch.defaultAppClient.auth
.getProviderClient(UserApiKeyAuthProviderClient.factory);
apiKeyClient
.createApiKey(’’)
.then(result => {
const { name, key } = result;
console.log(Successfully created user API key ${name} with value ${key});
})
.catch(err => console.error(err));
Create a Server API Key
To create a new server API key, navigate to the API Key authentication configuration page in the Stitch UI and click Create API Key. Enter a unique name for the key and click Save.
Important
Remember to copy the server key’s value as soon as you create it. Once you leave the provider configuration page or disable the key you will not be able to find the value again in the Stitch UI.
Look up an Existing User Key
To get a list of all keys associated with the logged in user, obtain a UserApiKeyAuthProviderClient instance, and call the fetchApiKeys() method.
const apiKeyClient = Stitch.defaultAppClient.auth
.getProviderClient(UserApiKeyAuthProviderClient.factory);
apiKeyClient
.fetchApiKeys()
.then(keys => keys.forEach(key => {
const { _id: keyId, name } = key
console.log(Found key ${name} with id ${keyId})
})
.catch(err => console.error(Error authenticating: ${err}));
To look up a specific key for the logged in user, pass the key’s _id value to the fetchApiKey() method.
const apiKeyClient = Stitch.defaultAppClient.auth
.getProviderClient(UserApiKeyAuthProviderClient.factory);
apiKeyClient
.fetchApiKey("")
.then(key => console.log(Successfully fetched API key: ${key}))
.catch(err => console.error(Error fetching API key: ${err}))
Enable or Disable an API Key
To disable a specific API key without deleting it, obtain a UserApiKeyAuthProviderClient instance, and call the disableApiKey() method with the key’s _id value.
const apiKeyClient = Stitch.defaultAppClient.auth
.getProviderClient(UserApiKeyAuthProviderClient.factory);
apiKeyClient
.disableApiKey("")
.then(() => console.log(‘Successfully disabled API key’))
.catch(err => console.error(Error disabling API key: ${err}))
To enable a specific API key that was previously disabled, pass the key’s _id value to the enableApiKey() method.
const apiKeyClient = Stitch.defaultAppClient.auth
.getProviderClient(UserApiKeyAuthProviderClient.factory);
apiKeyClient
.enableApiKey("")
.then(() => console.log(‘Successfully enabed API key’))
.catch(err => console.error(Error deleting API key: ${err}))
Delete an API Key
To delete a specific API key, obtain a UserApiKeyAuthProviderClient instance, annnd pass the key’s _id value to the deleteApiKey() method.
const apiKeyClient = Stitch.defaultAppClient.auth
.getProviderClient(UserApiKeyAuthProviderClient.factory);
apiKeyClient
.deleteApiKey("")
.then(() => console.log(‘Successfully deleted API key’))
.catch(err => console.error(Error deleting API key: ${err}))
← Email/Password Authentication Apple ID Authentication →
© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.
Was this page helpful?
Yes
No
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
