Package dev.dokimos.server.entity

Class ApiKey

java.lang.Object
dev.dokimos.server.entity.ApiKey
@Entity public class ApiKey extends Object
A scoped API key used to authenticate write requests against /api/v1/**. Only the SHA-256 hex hash of the key is persisted (keyHash); the raw key is shown to the caller exactly once at creation and never stored. Each key carries a Role that bounds what the caller may do, and an optional tenant. Disabled keys are rejected at authentication time without being deleted, so a key can be revoked while its audit trail (created_at, last_used_at) is preserved.

  • Constructor Details

    • ApiKey

      public ApiKey(String keyHash, String name, Role role, String tenantId)
      Creates an enabled key.
      Parameters:
      keyHash - SHA-256 hex hash of the raw key (never the raw key)
      name - human-readable label for the key
      role - privilege level granted to callers presenting this key
      tenantId - tenant the key belongs to, or null for an unscoped key

  • Method Details

    • getId

      public UUID getId()

    • getKeyHash

      public String getKeyHash()

    • getName

      public String getName()

    • getRole

      public Role getRole()

    • getTenantId

      public String getTenantId()

    • isEnabled

      public boolean isEnabled()

    • disable

      public void disable()
      Disables the key so future authentication attempts with it are rejected.

    • getCreatedAt

      public Instant getCreatedAt()

    • getLastUsedAt

      public Instant getLastUsedAt()

    • markUsed

      public void markUsed()
      Records that the key was just used to authenticate a request.