APIKeyBase
This class serves as a base for API key-based security schemes, providing the foundational structure for managing authentication via keys in various locations. It handles the initialization of the security model and provides a standardized mechanism for validating the presence of an API key. Additionally, it includes logic for generating compliant HTTP 401 Unauthorized responses with a custom challenge header when authentication fails.
Attributes
| Attribute | Type | Description |
|---|---|---|
| model | [APIKey](../../../openapi/models/apikey.md?sid=fastapi_openapi_models_apikey) | The OpenAPI security scheme model representing the API key configuration, including its location and name. |
| auto_error | bool | A boolean flag that determines whether to automatically raise an HTTP 401 error if the API key is missing. |
| scheme_name | str | The unique identifier for the security scheme, defaulting to the class name if not explicitly provided. |
Constructor
Signature
def APIKeyBase(
location: [APIKeyIn](../../../openapi/models/apikeyin.md?sid=fastapi_openapi_models_apikeyin),
name: str,
description: str | None,
scheme_name: str | None,
auto_error: bool
) - > null
Parameters
| Name | Type | Description |
|---|---|---|
| location | [APIKeyIn](../../../openapi/models/apikeyin.md?sid=fastapi_openapi_models_apikeyin) | The location of the API key (e.g., query, header, or cookie). |
| name | str | The name of the security scheme. |
| description | `str | None` |
| scheme_name | `str | None` |
| auto_error | bool | Whether to automatically raise an error if authentication fails. |
Signature
def APIKeyBase(
location: [APIKeyIn](../../../openapi/models/apikeyin.md?sid=fastapi_openapi_models_apikeyin),
name: str,
description: str | None,
scheme_name: str | None,
auto_error: bool
)
Parameters
| Name | Type | Description |
|---|---|---|
| location | [APIKeyIn](../../../openapi/models/apikeyin.md?sid=fastapi_openapi_models_apikeyin) | The location of the API key in the request, such as a header, query parameter, or cookie |
| name | str | The name of the parameter that contains the API key |
| description | `str | None` |
| scheme_name | `str | None` |
| auto_error | bool | Determines whether the scheme should automatically raise an HTTPException when the API key is missing |
Methods
make_not_authenticated_error()
@classmethod
def make_not_authenticated_error() - > [HTTPException](../../../exceptions/httpexception.md?sid=fastapi_exceptions_httpexception)
The WWW-Authenticate header is not standardized for API Key authentication but the HTTP specification requires that an error of 401 "Unauthorized" must include a WWW-Authenticate header. Ref: https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized For this, this method sends a custom challenge APIKey.
Returns
| Type | Description |
|---|---|
[HTTPException](../../../exceptions/httpexception.md?sid=fastapi_exceptions_httpexception) | A 401 Unauthorized exception containing the required WWW-Authenticate header with a custom 'APIKey' challenge |
check_api_key()
@classmethod
def check_api_key(
api_key: str | None
) - > str | None
Validates the presence of an API key and handles missing credentials based on the auto_error configuration.
Parameters
| Name | Type | Description |
|---|---|---|
| api_key | `str | None` |
Returns
| Type | Description |
|---|---|
| `str | None` |