We wanted to deploy an API that was accessible by either Okta or API keys. Okta for actual, human users - like Swagger documentation. API keys for computer users - integration with other systems.
I had an application deployed on Posit Connect where the sharing setting was set to “Anyone - no login required” and inside the application, it checked HTTP requests: if they had a valid api-key header, we served the response. If they didn’t have an api-key, we had code that went through the Okta mechanism.
But the code to do all that is complex and adds a lot of work to it. It’d be great if Posit Connect offered a “Login or API key” option for API applications that are deployed on Connect.
I do wonder, however, if there are other, better ways of doing this? So here I am. It’d be good to know how other clients do it.
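
The in-app check described in the post, as an added example (not the poster's code and not a Posit Connect API): a present but invalid `api-key` is rejected outright instead of falling through to the Okta flow. The names `authenticate` and `lookup_api_key`, the key store, and the `verify_okta_session` callable are assumptions.

```python
import hashlib
import hmac

# Constructed sample: store only SHA-256 digests of issued keys, mapped to a client name.
API_KEY_DIGESTS = {
    hashlib.sha256(b"demo-key-for-billing-system").hexdigest(): "billing-system",
}


def lookup_api_key(presented):
    """Return the client name for a valid key, else None."""
    digest = hashlib.sha256(presented.encode("utf-8")).hexdigest()
    match = None
    for stored, client in API_KEY_DIGESTS.items():
        # compare_digest avoids leaking how many leading characters matched
        if hmac.compare_digest(stored, digest):
            match = client
    return match


def authenticate(headers, verify_okta_session):
    """Decide how to treat one request.

    headers: dict of request headers (any case).
    verify_okta_session: hypothetical callable supplied by the app's Okta
    integration; takes the lowercased headers, returns a username or None.
    Returns (status, principal, detail).
    """
    normalized = {k.lower(): v for k, v in headers.items()}
    key = normalized.get("api-key")
    if key is not None:
        client = lookup_api_key(key)
        if client is None:
            # A bad key never falls through to the interactive login,
            # so machine clients get a clear 401 instead of a redirect.
            return (401, None, "invalid api-key")
        return (200, client, "api-key")
    user = verify_okta_session(normalized)
    if user is not None:
        return (200, user, "okta")
    # No key and no session: send the human to the Okta login flow.
    return (302, None, "redirect to okta login")
```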