Skip to main content
Version: 0.4.x

API Key Authentication

Sharkable provides built-in API key authentication. Requests must include a valid X-Api-Key header.

Quick Start

builder.Services.AddShark(opt =>
{
opt.ApiKeys = ["your-secret-key-here"];
});

All endpoints are now protected. Requests without a valid key receive a 401 Unauthorized.

Multiple Keys

opt.ApiKeys = ["key-alpha", "key-beta", "key-gamma"];

Unified Error Response

Auth failures return the framework's standard unified result envelope:

{
"statusCode": 401,
"data": null,
"errorMessage": "Unauthorized",
"extra": null,
"timeStamp": 1750934400000
}

Integration with JWT

API key and JWT authentication can coexist. When both are configured, either is accepted as valid authentication:

builder.Services.AddShark(opt =>
{
opt.ApiKeys = ["api-key-here"];
opt.ConfigureJwt("https://your-issuer.com", ["your-api"]);
});