# `AshAuthentication.Strategy.ApiKey`
[🔗](https://github.com/team-alembic/ash_authentication/blob/main/lib/ash_authentication/strategies/api_key.ex#L5)

Strategy for authenticating using an API key.

## Security Considerations

Responsibility for generating, securing, expiring and revoking API keys lies with the implementor.
If you are using API keys, you *must* ensure that your policies and application are set
up to prevent misuse of these keys. For example:

```elixir
policy AshAuthentication.Checks.UsingApiKey do
  authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
```

To detect that a user is signed in with an API key, check whether
`user.__metadata__[:using_api_key?]` is set. If they are signed in with an
API key, then `user.__metadata__[:api_key]` will be set to the API key that they
used, allowing you to write policies that depend on the permissions granted
by the API key.
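One way to write such a policy check is shown below. This is an added example, not code from AshAuthentication itself: the module name `MyApp.Checks.ApiKeyGrants`, the `:scope` option, and the `scopes` and `expires_at` attributes on the API key record are assumptions about your own application. It fails closed when the metadata, the scope list or the expiry is missing.

```elixir
defmodule MyApp.Checks.ApiKeyGrants do
  @moduledoc """
  Hypothetical policy check: passes only when the actor signed in with an
  API key that has not expired and that carries the required scope.

  Assumes the API key resource has a `scopes` list attribute and an
  `expires_at` UTC datetime attribute (names chosen for this example).

  Used inside a resource's `policies` block:

      policy AshAuthentication.Checks.UsingApiKey do
        authorize_if {MyApp.Checks.ApiKeyGrants, scope: "posts:read"}
      end
  """
  use Ash.Policy.SimpleCheck

  @impl true
  def describe(opts), do: "actor's API key grants #{inspect(opts[:scope])}"

  @impl true
  def match?(%{__metadata__: metadata}, _context, opts) when is_map(metadata) do
    # Both metadata entries described above must be present: the flag that
    # marks an API key sign-in, and the key record itself.
    with true <- metadata[:using_api_key?] == true,
         %{} = api_key <- metadata[:api_key] do
      not expired?(api_key) and opts[:scope] in List.wrap(Map.get(api_key, :scopes))
    else
      _ -> false
    end
  end

  # No actor, or an actor without metadata: deny.
  def match?(_actor, _context, _opts), do: false

  # A key whose expiry is missing or is not a DateTime counts as expired,
  # so a malformed record can never authorize a request.
  defp expired?(%{expires_at: %DateTime{} = expires_at}) do
    DateTime.compare(expires_at, DateTime.utc_now()) != :gt
  end

  defp expired?(_api_key), do: true
end
```

Because the check sits inside a `policy AshAuthentication.Checks.UsingApiKey` block, it only constrains requests made with an API key; other sign-in methods are governed by the resource's remaining policies.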

# `t`

```elixir
@type t() :: %AshAuthentication.Strategy.ApiKey{
  __spark_metadata__: Spark.Dsl.Entity.spark_meta(),
  api_key_hash_attribute: atom(),
  api_key_relationship: atom(),
  multitenancy_relationship: atom(),
  name: atom(),
  provider: :api_key,
  resource: Ash.Resource.t(),
  sign_in_action_name: atom()
}
```

# `transform`

# `verify`

---

*Consult [api-reference.md](api-reference.md) for complete listing*
