"Login or API key" option on Posit Connect

We wanted to deploy an API that was accessible by either Okta or API keys. Okta for actual, human users - like Swagger documentation. API keys for computer users - integration with other systems.

I had an application deployed on Posit Connect where the sharing setting was set to “Anyone - no login required” and, inside the application, it checked HTTP requests: if they had a valid api-key header, we served the response. If they didn’t have an api-key, we had code that goes through the Okta mechanism.

But the code to do all that is complex and adds a lot of work to it. It’d be great if Posit Connect offered a “Login or API key” option for API applications that are deployed on Connect.

I do wonder, however, if there are other, better ways of doing this? So here I am. It’d be good to know how other clients do it.

Howdy @bjfletcher !! That is an interesting approach!

If you set the application to "All users - Login Required," you should get the following behavior:

  • if someone visits the API in their browser, they will have a "Log in" button that redirects them to SSO (provided that Okta is configured with Connect)
  • if someone authenticates with an API key, they should get access

Of course, you can also be more granular - only giving access to certain users or groups. Am I missing something here? Or would this work for your use case? It basically leverages Connect to handle the authentication layer rather than your own bespoke authentication mechanism.

In fact, in recent releases, we automatically redirect the first bullet to SSO rather than showing a Connect-specific landing page. :smile:

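A sketch of what the "All users - Login Required" setup described in the reply above looks like from both sides, added here as an illustration and not code from either poster or from Posit. It assumes Connect's documented `Authorization: Key <api-key>` scheme for machine callers and the `RStudio-Connect-Credentials` JSON header that Connect adds to requests it proxies to content; the URL, key, and user names are constructed placeholders, and `handle` is a hypothetical endpoint body.

```python
import json
import urllib.request

# Assumption: header Connect sets on requests it forwards to deployed content.
CREDENTIALS_HEADER = "RStudio-Connect-Credentials"


def build_machine_request(url, api_key):
    """Request an integration sends: a Connect-issued API key, no Okta flow."""
    if not api_key or any(ch.isspace() for ch in api_key):
        raise ValueError("API key must be a non-empty token without whitespace")
    # Assumption: Connect accepts API keys as "Authorization: Key <api-key>".
    return urllib.request.Request(url, headers={"Authorization": f"Key {api_key}"})


def caller_identity(headers):
    """Return (user, sorted groups) from the Connect header, or None if unusable."""
    lowered = {name.lower(): value for name, value in headers.items()}
    raw = lowered.get(CREDENTIALS_HEADER.lower())
    if raw is None:
        return None
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if not isinstance(data, dict):
        return None
    user = data.get("user")
    groups = data.get("groups") or []
    if not isinstance(user, str) or not user or not isinstance(groups, list):
        return None
    return user, sorted(str(g) for g in groups)


def handle(headers):
    """Hypothetical endpoint: one code path for SSO browsers and API-key callers."""
    identity = caller_identity(headers)
    if identity is None:
        # Only reachable if the app is served without Connect in front of it.
        return 401, {"error": "no Connect identity on request"}
    user, groups = identity
    return 200, {"user": user, "groups": groups}


if __name__ == "__main__":
    req = build_machine_request(
        "https://connect.example.com/content/placeholder/predict", "CONSTRUCTED-KEY")
    print(req.get_header("Authorization"))
    sample = {CREDENTIALS_HEADER: '{"user": "svc-integration", "groups": ["api-clients"]}'}
    print(handle(sample))
```

The identity header is only meaningful when the content is reachable solely through Connect, since Connect is what authenticates the caller and sets it.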