Navigation

Create & Manage User API Keys

Overview

You can use the Node SDK to create and manage user API keys that allow services to log in and interact with your app on behalf of an existing user without requiring the user to re-authenticate.

User API keys are managed as part of the API Key authentication provider but may only be created for users associated with a different, non-anonymous authentication provider.

User objects in the Node SDK include an ApiKeyAuth object that exposes methods to work with that user’s API keys.

Create a User API Key

To create a new user API key, call ApiKeyAuth.create() with an identifying name for the key. The name must be a string that’s unique among all of the user’s API keys.

const user: Realm.User = app.currentUser;
const key: Realm.Auth.ApiKey = await user.apiKeys.create("apiKeyName");
const user = app.currentUser;
const key = await user.apiKeys.create("apiKeyName");

Look up a User API Key

To get an array that lists all of a user’s API keys, call ApiKeyAuth.fetchAll(). You can also find a specific API key by calling ApiKeyAuth.fetch() with the key’s _id.

const user: Realm.User = app.currentUser;
// List all of a user's keys
const keys: Realm.Auth.ApiKey[] = await user.apiKeys.fetchAll();
// Get a specific key by its ID
const key: Realm.Auth.ApiKey = await user.apiKeys.fetch("5eb5931548d79bc784adf46e");
const user = app.currentUser;
// List all of a user's keys
const keys = await user.apiKeys.fetchAll();
// Get a specific key by its ID
const key = await user.apiKeys.fetch("5eb5931548d79bc784adf46e");

Enable or Disable an API Key

You can enable or disable a user API key by calling ApiKeyAuth.enable() or ApiKeyAuth.disable() with the key’s _id. When a key is disabled, it cannot be used to log in on behalf of the user.

// Get the ID of a User API Key
const user: Realm.User = app.currentUser;
const apiKeys: Realm.Auth.ApiKey[] = await user.apiKeys.fetchAll();
const keyId: string = apiKeys[0]["_id"];

// Enable the User API Key
await user.apiKey.enable(keyId);
// Disable the User API Key
await user.apiKey.disable(keyId);
// Get the ID of a User API Key
const user = app.currentUser;
const apiKeys = await user.apiKeys.fetchAll();
const keyId = apiKeys[0]["_id"];

// Enable the User API Key
await user.apiKey.enable(keyId);
// Disable the User API Key
await user.apiKey.disable(keyId);

Delete an API Key

You can permanently delete a user API key by calling ApiKeyAuth.delete() with the key’s _id. Deleted keys can no longer be used to log in on behalf of the user.

// Get the ID of a User API Key
const user: Realm.User = app.currentUser;
const apiKeys: Realm.Auth.ApiKey[] = await user.apiKeys.fetchAll();
const keyId: string = apiKeys[0]["_id"];

// Delete the User API Key
await user.apiKey.delete(keyId);
// Get the ID of a User API Key
const user = app.currentUser;
const apiKeys = await user.apiKeys.fetchAll();
const keyId = apiKeys[0]["_id"];

// Delete the User API Key
await user.apiKey.delete(keyId);