module RooOnRails::Concerns::RequireApiKey

This concern allows API authentication in a consistent manner.

If a service connects with basic auth using the username “service” then the `SERVICE_CLIENT_KEY` environment variable must have the given password as one of the comma separated strings within it or a 403 will be raised.

@example: Any service with an acceptable key can access routes

class ThingController < ApplicationController
  include RooOnRails::Concerns::RequireApiKey
  require_api_key

  # etc
end

@example: Only the specified clients can access specific routes in this controller

class ThingController < ApplicationController
  include RooOnRails::Concerns::RequireApiKey
  require_api_key(only_services: :my_service, only: :create)

  # etc
end

Attributes

current_client[R]