Docs Home → Develop Applications → Atlas Device SDKs

Create & Manage User API Keys - React Native SDK

On this page

Create a User API Key

Look up a User API Key
Enable or Disable an API Key
Delete an API Key

Realm is now Atlas Device SDK – Learn More

User API keys allow devices or services to communicate with App Services on behalf of a user without sharing that users credentials. User API keys can be revoked at any time by the authenticated user. User API keys do not expire on their own.

You can manage a user API key with the ApiKeyAuth client accessed with an authenticated user's User.apiKeys property.

If you are using @realm/react, you can access a user's ApiKeyAuth client with the useUser() hook in a component wrapped by UserProvider.

import React, {useEffect} from 'react';
import {useUser} from '@realm/react';
function UserApiKeys() {
  const user = useUser();
  async function createUserApiKey() {
    const apiKey = await user?.apiKeys.create('mySecretKey');
    // ...Do something with API key like save it
    // or share it with external service that authenticates
    // on user's behalf.
  }
  // ...
}

Create a User API Key

To create a new user API key, pass a name that's unique among all of the user's API keys to ApiKeyAuth.create().

The SDK returns the value of the user API key when you create it. Make sure to store the key value securely so that you can use it to log in. If you lose or do not store the key value there is no way to recover it. You will need to create a new user API key.

You cannot create a user API key for a server API key or an anonymous user.

const key = await user.apiKeys.create("apiKeyName");

Look up a User API Key

To get an array that lists all of a user's API keys, call ApiKeyAuth.fetchAll().

To find a specific API key, pass the key's _id to ApiKeyAuth.fetch().

// List all of a user's keys
const keys = await user.apiKeys.fetchAll();
// Get a specific key by its ID
const key = await user.apiKeys.fetch("5eb5931548d79bc784adf46e");

Enable or Disable an API Key

To enable or disable a user API key, pass the key's _id to ApiKeyAuth.enable() or ApiKeyAuth.disable(). When a key is disabled, it cannot be used to log in on behalf of the user.

const apiKeys = await user.apiKeys.fetchAll();
const keyId = apiKeys[0]["_id"];
// Enable the User API Key
await user.apiKey.enable(keyId);
// Disable the User API Key
await user.apiKey.disable(keyId);

Delete an API Key

To permanently delete a user API, pass the key's _id to ApiKeyAuth.delete(). Deleted keys cannot be recovered.

const apiKeys = await user.apiKeys.fetchAll();
const keyId = apiKeys[0]["_id"];
// Delete the User API Key
await user.apiKey.delete(keyId);

← Link User Identities - React Native SDK

Sync Data Between Devices - React Native SDK →