Quick question about ApiKey suitability


I have Users of a system that manage multiple Sites.

I want to give an ApiKey to the user for each Site that they manage, to auth third party (and our) applications.

Is ServiceStack ApiKey a suitable method to implement this? Basically I would use something like this when a User adds a Site:

                IManageApiKeys.StoreAll(new ApiKey
                    UserAuthId = CurrentUser.Id
                    Meta = ["SiteId", "MySite"]

Which I could then use for authentication in the services. Does this sound like something that ApiKey’s would be a good implementation for, or am I better off just maintaining a simple list of strings with the User and Site that could be checked against in a new Auth Provider?

Many thanks,

The API Key maps to a User, so if you create a new “User” to represent each site, you can just give them the API Key for that User Account.