BA
Better Auth3mo ago
whizzy

api key validation problem

When I search for api key using the DB, it appears, but doesn't work when I try the same using api key validate, I get an error Keys not found I am using this in external api, which dont have auth setup thouhg, coz my main app is nextjs, and for hono I am using api keys so people can call endpoints
Solution:
you dont have the key hashing disabled, the keys table with the key column is a hashed version, it will not be the actual key, usally the key is provided to you when you create the key use the value instead.
Jump to solution
5 Replies
lonelyplanet
lonelyplanet3mo ago
Please share your auth.ts and also where you are validating/creating api keys, If you havn't disabled hashing for keys then the key you see in your database will actually be the Hashed API key and not the actual api key
whizzy
whizzyOP3mo ago
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { db } from "@callmelater/core/drizzle";
import { apiKey, oneTap } from "better-auth/plugins";
import { polar, checkout, portal, usage } from "@polar-sh/better-auth";
import { Polar } from "@polar-sh/sdk";
import { nextCookies } from "better-auth/next-js";
import { Resource } from "sst";
// import { Resend } from "resend";

const polarClient = new Polar({
  accessToken: Resource.POLAR_ACCESS_TOKEN_DEV.value,
  server: "sandbox",
});

export const auth = betterAuth({
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  logger: {
    level: "info",
  },
  socialProviders: {
    google: {
      clientId: Resource.GOOGLE_CLIENT_ID.value,
      clientSecret: Resource.GOOGLE_CLIENT_SECRET.value,
    },
  },
  plugins: [
    apiKey(),
    polar({
      client: polarClient,
      createCustomerOnSignUp: true,
      use: [
        checkout({
          products: [
            {
              productId: "08a8582e-c70b-4a00-b962-f9cf91460a68", // ID of Product from Polar Dashboard
              slug: "credits", // Custom slug for easy reference in Checkout URL, e.g. /checkout/credits
            },
          ],
        }),
        portal(),
        usage(),
        // webhooks({
        //   secret: process.env.POLAR_WEBHOOK_SECRET!,
        // }),
      ],
    }),
    nextCookies(),
  ],
});
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { db } from "@callmelater/core/drizzle";
import { apiKey, oneTap } from "better-auth/plugins";
import { polar, checkout, portal, usage } from "@polar-sh/better-auth";
import { Polar } from "@polar-sh/sdk";
import { nextCookies } from "better-auth/next-js";
import { Resource } from "sst";
// import { Resend } from "resend";

const polarClient = new Polar({
  accessToken: Resource.POLAR_ACCESS_TOKEN_DEV.value,
  server: "sandbox",
});

export const auth = betterAuth({
  database: drizzleAdapter(db, {
    provider: "pg",
  }),
  logger: {
    level: "info",
  },
  socialProviders: {
    google: {
      clientId: Resource.GOOGLE_CLIENT_ID.value,
      clientSecret: Resource.GOOGLE_CLIENT_SECRET.value,
    },
  },
  plugins: [
    apiKey(),
    polar({
      client: polarClient,
      createCustomerOnSignUp: true,
      use: [
        checkout({
          products: [
            {
              productId: "08a8582e-c70b-4a00-b962-f9cf91460a68", // ID of Product from Polar Dashboard
              slug: "credits", // Custom slug for easy reference in Checkout URL, e.g. /checkout/credits
            },
          ],
        }),
        portal(),
        usage(),
        // webhooks({
        //   secret: process.env.POLAR_WEBHOOK_SECRET!,
        // }),
      ],
    }),
    nextCookies(),
  ],
});
aah probably that's the issue, thanks mate, lemme try
Solution
lonelyplanet
lonelyplanet3mo ago
you dont have the key hashing disabled, the keys table with the key column is a hashed version, it will not be the actual key, usally the key is provided to you when you create the key use the value instead.
lonelyplanet
lonelyplanet3mo ago
You can disable hashing here @whizzy https://www.better-auth.com/docs/plugins/api-key#api-key-plugin-options:~:text=disableKeyHashing%20boolean,users%27%20API%20keys. -# ⚠️ Only do this in developement. In Production It's strongly recommended to not disable hashing. Storing API keys in plaintext makes them vulnerable to database breaches, potentially exposing all your users' API keys.
API Key | Better Auth
API Key plugin for Better Auth.
whizzy
whizzyOP3mo ago
thanks mate

Did you find this page helpful?