Hi,
I used to using API-KEY for authentication. So If someone subscribe a plan, I would create a key with some quota for him. After a time, may this guy consider his key is leaked, so he want to change key.
The problem is if I create a new key the quota_remaing would be 0, so how can I get a new key that inherit quota_remaing from old one
Thank you in advance !
Hello @bomb_magical and welcome to the community. Can you explain in detail when you say “The problem is if I create a new key the quota_remaing would be 0”?
A quota_remaining value with 0 means that the quota has been exhausted. Unless quota_max has also been set to 0 or -1. Which means that an unlimited quota has been specified. I will have to check and get back to you if quota_remaining can be modified directly (but I am not sure it can).
I know you could use the Create Custom Key / Import Key to create a new key. You would export the key definition the of the previous key with the quota intact and modify the quota_max value to be the same as the quota_remaining. This way the remainder of the quota is what the previous user will start with and use until exhaustion.
Oh… take back, actually I wana say “The problem is if I create a new key the quota_remaing would be equal to quota_max”.
Let me rephrase it, I wana if there is way I could change id of key and all other fields keep unchaged
When you say ID of the key, do you mean the value of the key or the alias of the key. In this case value means the string of characters used in authorizing an API. And the alias is simply the custom identifier of the key. It can be seen in the key definition a shown below
Yes, you can definitely change both. However, not all values may remain the same. For example
the last_updated and the date_created fields are generated internally and would be modified.
Another one and one you already know is the quota_remaining will take the value from the quota_max. I am waiting on feedback if this can actually be modified.
In the meantime, you could temporarily give the user a new key based on the remaining quota. You can use the Create Custom Key / Import Key. So what you want is:
new quota_max = old quota_remaining
new quota_remaining = old quota_remaining
new quota_renewal_rate = 0
new quota_renews = 0
This way the user would at least get to finish the quota he had on the old key and the quota would not renew.
Then afterwards you can provide him with a new key with the quota_max set to the initial figure.
Found the answer to it. Currently there is a bug where import existing keys does not add the quota already used.
Like the keys which have an apikey- prefix, quotas already used also have a quota- prefix as well. The quota- prefix contains the amount of the used quotas. For example
quota-40dcaf04=175
This value is used to calculate the quota remining in the key.
So, to mitigate and solve your issue, you would need to create a key using the Create Custom Key / Import Key as earlier suggested. Then add a quota-{KEY_HASH} in the RedisDB. So for example, if the hash created for the key is 40dcaf04, then you would need to run the SET Redis command
SET quota-40dcaf04 "75"
Note: The value must be the currently used quota.
Once this is done. You can now make your requests and the quota of the key should update as normal.
Let us know if you got this working.
Hello. Continuing with the topic, a question:
The task is to reissue a client key (let’s say the key is compromised). The key (compromised) has both a rate limit and quotas. Is it possible to create a new key so that the limits from the old key are transferred to the new one? By creating/importing a key, the value of the key itself does not change (at least I could not achieve a change), so this option is not suitable. If you create a new key, the counters are updated. If you can manipulate quotas as you described above, then it is not clear with limits, is it possible to transfer them from the old key?
No, and as you’ve seen already only importing it does not change the key. You would have to also set the quota and rate limit counters. Which I don’t think we have an API for. So manually adding it via Redis is the only option
Similar to quota above. The limits have a counter and the key for holding the counter is rate-limit-<KEY-ID or KEY-HASH>
With quota yes, I see a record in the Redis and can change it manually. But with rate limit I don’t find any records in the Redis.
Have you checked that rate limit isn’t disabled on the:
There are other things that could cause rate limits from not triggering like:
Typically debug logs would show what the issue is. But ensuing Redis Rate limiter is used is essential (thought I think this is enabled if you can see for quotas)
Also I think it would be better if you were to open a new topic to address issues with rate-limits, as the scope for this topic is set to quotas