Protect API endpoints

RestAPI endpoints which destroy or modify data should be protected such that only users with credentials can access them. The minimal implementation includes

A protection layer via API key (request header X-API-Key
A possibility to send this API key in the OpenAPI UI

Some pointers:

https://blog.sedrik.se/posts/secure-axum/
https://docs.rs/utoipa/latest/utoipa/openapi/security/index.html

Edited Feb 07, 2024 by Sebastian Schüpbach

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Protect API endpoints