Simple Meteor API Key Management

This is a meteor >=2.14 package, which allows to manage api keys that can be used to access a rest api for example. All relevant server functions are provided. Api key can optionally be linked to a meteor user and you can also attach a note to each api key.

The server class also provides a method for getting a middleware e.g. for express to check requests agains a valid api key. Note that this middleware will not check if the user associated with the api key matches the user making the request.

Meteor methods are not provided, since these will in general require some custom policy checks, depending on the apps structure.

Api Keys will be stored in a collection named meteor-api-keys with indices on the keys and on the associated userIds.

Server Functionality

You can check the server API right here. Use these methods to wrap your meteor methods around, e.g.

1const myMeteorApiKeySrv = new ApiKeysServer({});
2
3Meteor.methods({
4    async 'removeApiKey' (key){
5        const isAllowed = await doMyPolicyChecks();
6        if (!isAllowed) throw new Meteor.Error(403, "Not allowed");
7        await myMeteorApiKeySrv.deleteKey({ key });
8    },
9
10    async 'createKeyForCurrentUser' (note){
11        const isAllowed = await doMyPolicyChecks();
12        if (!isAllowed) throw new Meteor.Error(403, "Not allowed");
13        try {
14            await myMeteorApiKeySrv.createKeyForCurrentUser({ note });
15        } catch (e) {
16            console.warn("Couldn't create an api key, no user present");
17            throw e;
18        }
19    }
20})

Meteor Publications

• Meteor.publish('meteorApiKeys', function publishApiKeys())

Publishes the API keys for the current user.