coldbox-security-api-authentication
Official
Secure ColdBox APIs with scoped API keys
Author: ColdBox
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Protects ColdBox REST endpoints from unauthorized access by providing a standardized, auditable API key lifecycle including generation, secure storage, validation, caching, scope enforcement, and revocation.
Core Features & Use Cases
- Key Generation & One-Time Reveal: Create human-readable prefixes and raw keys that are only shown once at generation time.
- Secure Storage & Validation: Hash keys with SHA-256 before storage and validate incoming Bearer tokens against hashed values.
- Performance via Caching: Cache validated key lookups with CacheBox to reduce database load and clear caches on revocation.
- Interceptor Enforcement & Scopes: Enforce keys on /api/ routes with an interceptor, support scope checks per endpoint, and provide management endpoints for listing, generating, and revoking keys.
- Operational Safety: Update last-used timestamps, log unauthorized attempts, and recommend HTTPS in production.
Quick Start
Generate a new API key for a user, install the APIKeyInterceptor in your interceptors configuration, and use the provided service methods to validate and revoke keys.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: coldbox-security-api-authentication
Download link: https://github.com/ColdBox/skills/archive/main.zip#coldbox-security-api-authentication
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.