Spring Boot Example
A complete Spring Boot Inventory API protected with apikee.
Spring Boot Example
A complete Inventory API using zero-config application.yml setup and SpringDoc auto-wiring.
Run it
cd examples/spring-boot && ./mvnw spring-boot:runOpen http://localhost:8080/swagger-ui.html.
Configuration
# application.yml
apikee:
secrets:
- local-dev-secret-change-in-production
header-name: x-api-key
# server-key: ${APIKEE_SERVER_KEY:}
# project-env: ${APIKEE_PROJECT_ENV:my-api-production}
springdoc:
swagger-ui:
path: /swagger-ui.htmlNo Java configuration code needed. The filter and SpringDoc customizer are auto-configured.
Key issuance endpoint
@PostMapping("/keys")
@Operation(summary = "Issue a signed API key", tags = {"auth"})
public ResponseEntity<?> createKey(
@RequestParam String tenant,
@RequestParam(defaultValue = "read,write") String scopes) {
String key = engine.create(KeyOptions.builder()
.tenant(tenant)
.scopes(Arrays.asList(scopes.split(",")))
.expiresAt(Instant.now().plus(Duration.ofDays(90)))
.build());
return ResponseEntity.status(201).body(Map.of("key", key));
}Protected endpoint
@GetMapping("/items")
@Operation(security = @SecurityRequirement(name = "ApikeeAuth"))
public Map<String, Object> listItems(HttpServletRequest req) {
ApikeeClaims claims = (ApikeeClaims) req.getAttribute("apikee.claims");
return Map.of("tenant", claims.tenant(), "items", List.of());
}Try it
curl -X POST "http://localhost:8080/keys?tenant=acme&scopes=read,write"
export KEY="apikee_..."curl -H "x-api-key: $KEY" http://localhost:8080/items
curl -X POST -H "x-api-key: $KEY" -H "Content-Type: application/json" \
-d '{"name":"Widget","qty":100}' http://localhost:8080/items