3rd party app, JS SDK API key
Hey guys,
I'm a hobbyist programmer and made a self-hosting sports club calendar app with SvelteKit (SPA) and PocketBase.
https://kfluitman.com/wip/building-privacy-first-sports-calendar/
To expand on my expedition, I thought it'd be great to also include Immich in this stack, allowing a club to activate it and also have an Immich server running, where there is a separate album for each team. With facial recognition and smart search, it's an excellent self-hosting, privacy-safe solution.
I already made it work of course, but my question was about the JS SDK generated by Immich themselves: it relies on an API key.
Right now, I would think of an automated hook in the PocketBase backend that has the admin API key rights to create users and create an API key for them. User creation in my app is invite-only by admins.
Is this a solid and reliable way? Or would it be a security risk to have an admin API key stored in the backend?
I would also have individual API keys generated per user, and each user would have a limited max space available, so that parents don't bloat it with pictures and videos.
K. Fluitman
Ever tried coordinating a youth sports team? I’m building KnowMore - a calendar app that makes scheduling and attendance tracking simple for coaches and parents.