Virtual Key is a security feature that allows you to protect your real API key by providing a separate, temporary key for authentication. This feature enhances the security of your API usage in several ways:
- 🎭 Masking: It hides your actual API key, reducing the risk of exposure.
- 🔐 Access Control: You can create and manage multiple virtual keys with different permissions.
- ❌ Revocation: Virtual keys can be easily revoked without affecting the main API key.
- 📊 Usage Tracking: Each virtual key's usage can be monitored separately.
Virtual Key is enabled by default, so you need at least set up one key before invoke API calls.
Virtual Key is implemented by Cloudflare Worker KV, you can easily add a delete key by Wrangler CLI.
-
Add a Virtual Key
VIRTUAL_KEY=malacca REAL_KEY=YOUR_REAL_API_KEY npx wrangler kv key put ${VIRTUAL_KEY} ${REAL_KEY} --binding MALACCA_USER
-
Revoke a Virtual Key
npx wrangler kv key delete ${VIRTUAL_KEY} --binding MALACCA_USER
You can also manage the KV pairs directly from Cloudflare Worker KV web console.
You can customize the virtual key logic by modifying the virtual key middleware in src/middlewares/virtualKey.ts.