Skip to main content

Key Auth

KeyAuth protects routes with an API key validator.

app.Use(middleware.KeyAuth(middleware.KeyAuthStatic(os.Getenv("API_KEY"))))

By default, Zinc reads Authorization: Bearer <key>.

Use another extractor when keys live somewhere else.

app.Use(middleware.KeyAuthWithConfig(middleware.KeyAuthConfig{
	Extractor: middleware.KeyAuthFromHeader("X-API-Key"),
	Validator: middleware.KeyAuthStatic("secret"),
}))

Available extractors:

  • KeyAuthFromAuthorizationHeader()
  • KeyAuthFromHeader(header)
  • KeyAuthFromHeaderPrefix(header, prefix)
  • KeyAuthFromQuery(name)
  • KeyAuthFromCookie(name)
  • KeyAuthFromFirst(...)

Inside handlers, use KeyAuthCurrent(c) or MustKeyAuthCurrent(c) to read the accepted key source.