- Generating API Keys (with expiry)
- Storing API Keys securely
- Revoking API Keys
- Adding metadata to API Keys
It seems like there could be a generic API to power all of that, while still enabling applications to be opinionated about whether the incoming request is authenticated and has the right permissions.
This is good feedback that we need to provide more examples starting with OpenAPI instead of with the Fern Definition. For some context, we convert the OpenAPI spec into a Fern definition and then pass that into the code generators.
If you want to see some real world examples, check out these links:
- https://github.com/vellum-ai/vellum-client-generator/tree/ma... -> https://github.com/vellum-ai/vellum-client-python
- https://github.com/Squidex/sdk-fern/tree/main/fern/api/opena... -> https://github.com/Squidex/sdk-node
Worth calling out that you can go from the Fern Definition -> OpenAPI anytime to prevent lock in.