How to create a "permanent key" to authenticate a user on MY API using FusionAuth?

Question

I have setup a FusionAuth server. I am using it to register and login users.

On the application I am doing, I want to expose a REST API for sers. On the API request, I want to have a key that is generated on user registration and it will last until user renew it manually.

The key will be used for user-authentication and user-authorization to access the application and each of the methods exposed.

On the documentation I can read about JTW, but all of them have expiration date. Checking the tutorials, I cannot find a similar example of "something" that uses

I might be confusing some of the terms and I do not know how to do this:

• User registration using default form --> Done
• Struggling with --> Create user-key to control access to MY APP.

The workflow I can think of is something similar to:

1. User send REST API request with "user-key" in the headers.
2. my-application authenticate the key with FA Login API.
3. my-application verify key has access to my-resource.
4. If all goes well, user gets his/her data.

How can I achieve this? Does not seems like a "complex" use case...

Answer 1

From the docs:

 FusionAuth offers four solutions, with different strengths and weaknesses.

    Client Credentials Grant

    OAuth + JWTs

    FusionAuth API Keys

    Authentication Tokens

On the API request, I want to have a key that is generated on user registration and it will last until user renew it manually.

This can work for simple use cases, but you don't need FusionAuth for this. Lots of frameworks will have support for API keys. The FusionAuth recommended way is to use tokens which expire, and possibly the refresh token grant.

This approach will force users to re-authenticate every so often, but that's a good idea, because it forces them to prove they are still who you think they are.