I have an API in Loopback 4 that already has authentication implemented by JWT but I want to go one step further by implementing an API key so that only apps that request this API key can use the API.
Can someone help me a little with this? I'm a little lost.
I was looking for solutions to implement BasicAuth at API level in addition to JWT auth at endpoint level. The BasicAuth is to ensure that, only the clients with credentials can access even the endpoints that are not protected by JWT. I couldn't see a solution to add it at API level covering all endpoints. Authentication Decorator is needed at least at Class level. So I have used 'basic-auth' npm module and added an authentication method in the Sequence to authenticate all the incoming requests.
