I'd like to set an apiKey globally for one model, e.g. define an apiKey for all documents of model Media.
Currently it seems I must set it manually for all documents of model Media, one by one... it seems I'm missing something.
What is the point of creating an apiKey for each document one by one, and not globally for the whole collection/model?
From the docs: for each document
From there, a new interface will appear in the Admin panel for each document within the collection that allows you to generate an API key for each user in the Collection
Thanks
Payload is awesome!
I think you are just misunderstanding API keys. Here's a quick overview (we'll update docs so this is more clear @seanzubrickas if you can make this happen that'd be great)
Basically, in Payload, you can "authenticate" as a user. Users are just documents in a collection. And if you authenticate as a user, you'll have that user show up on the `req` as `req.user`, as you likely already know from working with the default Payload authentication strategy.
But just like you can "authenticate" as a user with an email / password (this is considered as our default local auth strategy) you can also authenticate as a user with an API key.
API keys are generated on a user-by-user basis, just like email / passwords - they are meant to each represent a single user. And if you generate an API key on a user, and add it as a header as described in our docs, then Payload will recognize the request being made as a request by the user associated with that API key.
This is super helpful and lets you maintain granular access over your API keys - you might create a "user" that reflects an integration with a specific external service, and should be given a "role" or specific access needed only by that service / integration. Or you might create a "super admin" user and have an API key assigned to that user, so that any requests made with that API key are considered as being made by that super user.
The beautiful part of our authentication strategies is that access control works across all strategies the same way. You can use your existing access control to work with API keys and with typical email / password auth.
TL;DR I don't think you should have API keys enabled for media. Instead, you should either have API keys enabled for your "users" collection, which will give the request all the same abilities as the user that the API key is tied to. OR, you could create a specific collection for API keys, where API keys are maintained separately from users altogether.
What an awesome answer 🙂
In the end I have been fooled by the docs, maybe here: `To enable API keys on a collection,` IMHO if there is an example or it said an `Auth Collection`, sure I use `Users` from the start :), shit happens lol
quote: To enable API keys on a collection, set the useAPIKey auth option to true. From there, a new interface will appear in the Admin panel for each document within the collection that allows you to generate an API key for each user in the Collection.
I leave here my snippets, maybe it's useful for other "fools" like me ahahaha
Users Collection with `useAPIKey` enabled
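```ts
import { CollectionConfig } from 'payload/types';

const Users: CollectionConfig = {
  slug: 'users',
  auth: {
    // Lets an API key be generated for each user document in the Admin panel
    useAPIKey: true,
  },
  admin: {
    useAsTitle: 'email',
  },
  access: {
    // Anyone, including unauthenticated requests, can read user documents
    read: () => true,
  },
  fields: [
    // Email added by default
    {
      name: 'name',
      type: 'text',
    },
  ],
};

export default Users;
```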
simple fetch example
```ts
import User from '../collections/User';
import { CLIENT_API_KEY } from '$env/static/private';

// Header format: "<collection slug> API-Key <key>"
const response = await fetch("http://localhost:3000/api/media", {
  headers: {
    Authorization: `${User.slug} API-Key ${CLIENT_API_KEY}`,
  },
});
```
curl
```sh
COLLECTION="users"
API_KEY="ad9e5d05-ca46-4aa1-9435-6543fb5e793d"
curl http://localhost:3000/api/media \
  -H "Accept: application/json" \
  -H "Authorization: ${COLLECTION} API-Key ${API_KEY}" \
  | jq
```
and that's all folks
thanks @jmikrut
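The setup the answer above recommends (an API key tied to a user with a narrow role, with one set of access control rules covering every auth strategy) looks like this. It is an added example, not code from the thread or from Payload: the `role` field, its values, the `hasRole` and `selfOrAdmin` helpers, and the local stand-in types are assumptions (in a project the types come from `payload/types`).

```typescript
// Added example. Local stand-in types so it runs without Payload installed.
type Role = 'admin' | 'editor' | 'integration';
type ApiUser = { id: string; role: Role }; // `role` is an assumed field on Users
type Where = { [field: string]: { equals: string } };
type Access = (args: { req: { user?: ApiUser | null } }) => boolean | Where;

// req.user is populated the same way for an email/password login and for a
// "users API-Key <key>" header, so one check covers both strategies.
const hasRole = (...roles: Role[]): Access => ({ req: { user } }) =>
  user ? roles.indexOf(user.role) !== -1 : false;

// Admins read every user, other users only their own document (returned as a
// query constraint), unauthenticated requests nothing.
const selfOrAdmin: Access = ({ req: { user } }) => {
  if (!user) return false;
  return user.role === 'admin' ? true : { id: { equals: user.id } };
};

const Users = {
  slug: 'users',
  auth: { useAPIKey: true },
  access: { read: selfOrAdmin },
  fields: [
    { name: 'role', type: 'select', required: true,
      options: ['admin', 'editor', 'integration'] },
  ],
};

// Upload settings omitted; only the access rules matter here.
const Media = {
  slug: 'media',
  access: {
    read: hasRole('admin', 'editor', 'integration'), // integration key: read-only
    create: hasRole('admin', 'editor'),
    update: hasRole('admin', 'editor'),
    delete: hasRole('admin'),
  },
  fields: [],
};

// Constructed sample: the user document an integration's API key resolves to.
const integrationUser: ApiUser = { id: 'constructed-id-1', role: 'integration' };
```

A request sent with the integration user's key can list media but cannot create, change or delete it, and it can read only its own user document.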