Authentication

Authentication

API key-based authentication is used to authenticate the users who make requests to the IRS service. API key is a secret unique identifier that is used to authenticate the user and authorize the request. This key is provided by the user (or your app) when making an HTTP POST request to the intent recognition service in the Authorization header of the request.

This simple approach may not be the most secure way to authorize requests, but it is simple to use and implement, and has negligible overhead for both maintenance and request processing. This ensure that intent recognition requests can be performed with low-latency but still be secure.

Core Concepts

You can store all your API keys in a single collection. Each API key record in this collection should follow specific structure. To learn more about the structure of an API key record, check API Keys Data.

An API key record can have several properties, including the secret key, the user ID who owns the key, key's status (active or inactive), and list of endpoints it provides access to (helps to control access at granular level).

Anytime a request is received at an endpoint that requires authentication, the API key present in the authorization headers of the request is validated against the API key store. For the key to be valid, it must meet the following conditions:

  • The key must be present in the API key store or collection.
  • The user id (uid) provided with the request must match the uid specified in the key record, i.e., the key must be associated with the user making the request.
  • The status of the key must be active.
  • The key must have access to the endpoint being accessed.
  • Usage limit specified for the given key must not have been exceeded.

If the key is valid, the request is processed; otherwise, an error is returned.

API Key Store

The API key store is a collection of API keys that are used to authenticate users who make requests to the IRS service. The API key store can be stored in a database or a file, depending on the data source you are using. For production use, it is recommended to use a database like Cloud Firestore to store the API keys.

Firestore

Intento provides built-in support for using Cloud Firestore as the data source for IRS data and API keys. When using Cloud Firestore, you can simple specify the collection name where the API keys are stored when configuring the data source.

const irsDataSource = new FirestoreDataSource({
  credential: credential.cert('./service-account.json'), // or set GOOGLE_APPLICATION_CREDENTIALS env var
  projectId: 'your-project-id',
  irsId: 'your-irs-id',
  collections: {
    irsCollection: 'ir-services',
    intentsCollection: 'intents',
    apiKeysCollection: 'api-keys',
  },
});

Learn more about Firestore data source here.

In-Memory

For development and testing purposes, you can use an in-memory data source to store the API keys. The in-memory data source stores the API keys in memory and does not persist the data across server restarts.

const irsDataSource = new InMemoryDataSource({
  irsId: '',
  files: {
    irsDataFile: './data/irs-data.json',
    intentsDataFile: './data/intents-data.json',
    apiKeysDataFile: './data/api-keys-data.json',
  },
});

Learn more about in-memory data source here.