<!--
This file was generated by Spark. Do not edit it by hand.
-->
# AshAuthentication.Strategy.ApiKey

Strategy for authenticating using an API key.

## Security Considerations

Responsibility for generating, securing, expiring and revoking lies on the implementor.
If you are using API keys, you *must* ensure that your policies and application are set
up to prevent misuse of these keys. For example:

```elixir
policy AshAuthentication.Checks.UsingApiKey do
  authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
```

To detect that a user is signed in with an API key, you can see if
`user.__metadata__[:using_api_key?]` is set. If they are signed
in, then `user.__metadata__[:api_key]` will be set to the API key that they
used, allowing you to write policies that depend on the permissions granted
by the API key.



### authentication.strategies.api_key
```elixir
api_key name \\ :api_key
```


Strategy for authenticating using api keys






### Options

| Name | Type | Default | Docs |
|------|------|---------|------|
| [`api_key_relationship`](#authentication-strategies-api_key-api_key_relationship){: #authentication-strategies-api_key-api_key_relationship .spark-required} | `atom` |  | The relationship from the user to their *valid* API keys. |
| [`api_key_hash_attribute`](#authentication-strategies-api_key-api_key_hash_attribute){: #authentication-strategies-api_key-api_key_hash_attribute } | `atom` | `:api_key_hash` | The attribute on the API key resource that contains the API key's hash. |
| [`sign_in_action_name`](#authentication-strategies-api_key-sign_in_action_name){: #authentication-strategies-api_key-sign_in_action_name } | `atom` |  | The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>` |





### Introspection

Target: `AshAuthentication.Strategy.ApiKey`



<style type="text/css">.spark-required::after { content: "*"; color: red !important; }</style>