
What's the best practice of kuzzle.auth.createApiKey usage?



  1. Call it outside the app to generate a token, then put the token in an env variable and use it (kuzzle.jwt = <get(env.token_variable)>) inside the code?
  2. Or, call it in the code after the login to generate a token and set kuzzle.jwt = ?
  3. Or?

Does someone have a link to a usage in actual code? (The example in the documentation does not help me much.)


Solution

  • you may find more information about ApiKeys here

    ApiKeys are authentication tokens that will never expire (by default) and will allow you to authenticate users without using an authentication strategy and the auth:login action.

    Using an ApiKey following your second point doesn't make sense since calling kuzzle.auth.login already gives you an authentication token, you will just need to log in again when the previous token expires or the app restarts.

    Concerning your first point, if you want the app to always be authenticated until you revoke the ApiKey, yes it seems to be the right way to do it.

    Also, to generate the ApiKey outside your app you should use kourou, as mentioned in the link above.
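
Option 1 from the question, sketched as an added example that is not part of the original answer or of Kuzzle's documentation: the app reads a pre-generated ApiKey from the environment, asks the server whether it is still valid, and only then assigns it to `kuzzle.jwt`. The variable name `KUZZLE_API_KEY` and the helpers `authenticateWithApiKey`, `makeFakeKuzzle` and `demo` are assumptions made for illustration; the stand-in client replaces the real SDK so the block runs offline.

```javascript
// Added example. KUZZLE_API_KEY is an assumed variable name; with the real SDK
// the client would be: new Kuzzle(new WebSocket('<host>')) from 'kuzzle-sdk'.
async function authenticateWithApiKey(kuzzle, env = process.env) {
  const apiKey = (env.KUZZLE_API_KEY || '').trim();
  if (!apiKey) {
    // Fail closed instead of silently running as the anonymous user.
    throw new Error('KUZZLE_API_KEY is not set');
  }
  await kuzzle.connect();
  // The key never expires by default, but it can be revoked: ask the server.
  const { valid, state } = await kuzzle.auth.checkToken(apiKey);
  if (!valid) {
    // Report the server's reason, never the key itself.
    throw new Error(`API key rejected: ${state || 'invalid token'}`);
  }
  kuzzle.jwt = apiKey; // every later request is sent with this token
  return kuzzle;
}

// Constructed stand-in for the SDK client so the example runs offline.
function makeFakeKuzzle(activeKeys) {
  return {
    jwt: null,
    connected: false,
    async connect() { this.connected = true; },
    auth: {
      async checkToken(token) {
        return activeKeys.includes(token) ? { valid: true } : { valid: false, state: 'Invalid token' };
      },
    },
  };
}

async function demo() {
  const active = ['constructed-key-1']; // constructed sample value, not a real key
  const ok = await authenticateWithApiKey(
    makeFakeKuzzle(active), { KUZZLE_API_KEY: 'constructed-key-1' });
  const revoked = makeFakeKuzzle(active);
  const revokedError = await authenticateWithApiKey(
    revoked, { KUZZLE_API_KEY: 'constructed-key-2' }).catch((e) => e.message);
  const unset = makeFakeKuzzle(active);
  const unsetError = await authenticateWithApiKey(unset, {}).catch((e) => e.message);
  return { accepted: ok.jwt !== null, revokedError, revokedJwtSet: revoked.jwt !== null,
    unsetError, unsetConnected: unset.connected };
}

demo().then((result) => console.log(result)); // prints outcomes only, never a key
```

Because the key does not expire by default, keep it out of source control and revoke it when the deployment that holds it is retired.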