.NET
apikee for .NET — ASP.NET Core middleware, attribute, and Swashbuckle integration.
.NET
Installation
dotnet add package ApikeeSetup
Three lines in Program.cs wire everything:
// 1. Register services
builder.Services.AddApikee(o => {
o.Secrets = [builder.Configuration["Apikee:Secret"]!];
o.HeaderName = "x-api-key"; // default
// o.ServerKey = builder.Configuration["Apikee:ServerKey"];
// o.ProjectEnv = "my-app-production";
});
// 2. Inject ApikeeAuth into Swagger UI (adds 🔒 to every endpoint)
builder.Services.AddSwaggerGen(c => c.AddApikeeSecurityDefinition());
// 3. Add middleware to the pipeline
app.UseApikee();Accessing claims
[HttpGet("/data")]
public IActionResult GetData()
{
var claims = (ApikeeClaims) HttpContext.Items["apikee.claims"]!;
return Ok(new { claims.Tenant, claims.Scopes });
}[Apikee] attribute
Protect a controller or action without global middleware:
[ApiController]
[Apikee] // all actions in this controller
public class OrdersController : ControllerBase
{
[HttpGet]
public IActionResult List() { ... }
[HttpPost]
[Apikee(Scopes = "write")] // additionally requires "write" scope
public IActionResult Create([FromBody] CreateOrderRequest req) { ... }
[HttpDelete("{id}")]
[Apikee(Scopes = "admin")] // additionally requires "admin" scope
public IActionResult Delete(int id) { ... }
}When both global UseApikee() middleware and [Apikee] attributes are present, the attribute acts as a second layer — it checks scope even after the middleware has already validated the key.
Issuing keys
Inject ApikeeClient (registered automatically by AddApikee()):
public class KeyController(ApikeeClient apikee) : ControllerBase
{
[HttpPost("/keys")]
[AllowAnonymous]
public async Task<IActionResult> CreateKey(
[FromQuery] string tenant,
[FromQuery] string scopes = "read,write")
{
string key = await apikee.CreateAsync(
tenant,
keyOpts: new KeyOptions {
Tenant = tenant,
Scopes = scopes.Split(','),
ExpiresIn = "90d",
}
);
return StatusCode(201, new { key });
}
}appsettings.json
{
"Apikee": {
"Secret": "your-signing-secret",
"ServerKey": "",
"ProjectEnv": "my-app-production"
}
}Bind in Program.cs:
builder.Services.AddApikee(o =>
builder.Configuration.GetSection("Apikee").Bind(o));Configuration reference
| Option | Type | Default | Description |
|---|---|---|---|
Secrets | string[] | required | Signing secrets. First is current. |
HeaderName | string | "x-api-key" | Header to read the key from. |
ServerKey | string? | null | apikee.dev project key. Enables server mode. |
ProjectEnv | string? | null | apikee.dev project_env slug. |
AutoRegisterEndpoints | bool | true | Register endpoints on first request (server mode). |
AutoCreateClients | bool | true | Auto-create client on key issuance (server mode). |
FailOpen | bool | true | Allow through if server call fails. |
ServerTimeout | TimeSpan | 3s | Timeout for apikee.dev calls. |
ApikeeClaims fields
| Field | Type | Description |
|---|---|---|
Id | string | Unique key ID |
Tenant | string | Tenant / owner |
Scopes | IReadOnlyList<string> | Permission scopes |
Environment | string | Environment tag |
ExpiresAt | DateTimeOffset? | Expiry |
NotBefore | DateTimeOffset? | Not-valid-before |
Meta | IReadOnlyDictionary<string, object> | User-defined metadata |
RawKey | string | Original key string |