Apply different authentication for each specific api

Hello I don’t know if someone have ask it but I want to implement like that:

I have 2 apis:

  • test/apikey <== this only can use with apikey and can Not use with jwt
  • test/jwtapi <== this only can use with jwt

How to implement it in service stack in simple way?

You can limit that a Service should only authenticate with a specific provider by specifying the provider name in the [Authenticate] attribute, e.g:

[Authenticate(AuthenticateService.ApiKeyProvider)]
public class ApiKeyAuthServices : Service
{
    public object Any(ApiKeyOnly request) => ...;
}

[Authenticate(AuthenticateService.JwtProvider)]
public class JwtAuthServices : Service
{
    public object Any(JwtOnly request) => ...;
}
1 Like

Thank you for your fast response.

I have one more question. If I want to setup Role for each apikey like:

  • admin apikey can access some admin apis but user’s apikey can not.

I think I should manually check by use

ApiKey apiKey = req.GetApiKey();

Is my understanding correct?

Each API Key is attached to a single user, roles would need to be attached to the user, not the API Key.

1 Like

Oh, now I’ve got this point. Thank you.

1 Like