Static API key authentication with key rotation capabilities. This authentication method is used for Azure services that accept API keys instead of tokens, providing a simpler authentication mechanism with built-in support for key updates without recreating the credential object.
Base interface for API key-based authentication.
/**
* Represents a credential defined by a static API key.
*/
interface KeyCredential {
/** The value of the API key represented as a string */
readonly key: string;
}Concrete implementation of KeyCredential with key rotation support.
/**
* A static-key-based credential that supports updating the underlying key value.
*/
class AzureKeyCredential implements KeyCredential {
/**
* Create an instance of an AzureKeyCredential for use with a service client.
* @param key - The initial value of the key to use in authentication
* @throws Error if key is empty or undefined
*/
constructor(key: string);
/** The value of the key to be used in authentication */
get key(): string;
/**
* Change the value of the key.
* Updates will take effect upon the next request after updating the key value.
* @param newKey - The new key value to be used
*/
update(newKey: string): void;
}Usage Examples:
import { AzureKeyCredential } from "@azure/core-auth";
// Create credential with initial API key
const keyCredential = new AzureKeyCredential("your-api-key-here");
// Use with Azure service client
const serviceClient = new SomeAzureServiceClient(endpoint, keyCredential);
// Access the current key
console.log(keyCredential.key); // "your-api-key-here"
// Update the key (useful for key rotation)
keyCredential.update("new-rotated-api-key");
// Future requests will use the new key
const result = await serviceClient.someOperation();
// Common pattern for key rotation
async function rotateApiKey(credential: AzureKeyCredential) {
const newKey = await getNewKeyFromKeyVault();
credential.update(newKey);
console.log("API key rotated successfully");
}Runtime validation to determine if an object implements the KeyCredential interface.
/**
* Tests an object to determine whether it implements KeyCredential.
* @param credential - The assumed KeyCredential to be tested
* @returns true if the object implements KeyCredential, false otherwise
*/
function isKeyCredential(credential: unknown): credential is KeyCredential;Usage Examples:
import { isKeyCredential, AzureKeyCredential } from "@azure/core-auth";
function processCredential(credential: unknown) {
if (isKeyCredential(credential)) {
// TypeScript now knows credential has a 'key' property
console.log(`Using API key: ${credential.key.substring(0, 4)}...`);
return true;
}
return false;
}
// Usage in credential validation
function validateCredentials(credentials: unknown[]) {
const keyCredentials = credentials.filter(isKeyCredential);
keyCredentials.forEach(cred => {
if (cred.key.length < 10) {
console.warn("Key appears to be too short");
}
});
}
// Usage with multiple credential types
function getCredentialInfo(credential: unknown): string {
if (isKeyCredential(credential)) {
return `Key credential with key length: ${credential.key.length}`;
}
return "Unknown credential type";
}The AzureKeyCredential constructor will throw an Error if the provided key is empty or undefined:
import { AzureKeyCredential } from "@azure/core-auth";
try {
const credential = new AzureKeyCredential(""); // Throws Error
} catch (error) {
console.error(error.message); // "key must be a non-empty string"
}
try {
const credential = new AzureKeyCredential(null as any); // Throws Error
} catch (error) {
console.error(error.message); // "key must be a non-empty string"
}