Table of Contents

Class ApiKeyOptions

Namespace
Tharga.Team
Assembly
Tharga.Team.dll

Configuration options for API key management.

public class ApiKeyOptions
Inheritance
ApiKeyOptions
Inherited Members

Fields

KeyLengthFloor

Absolute floor for both MinKeyLength and MaxKeyLength. 24 alphanumeric characters is ≈143 bits of entropy (well above 128-bit) and matches the historical minimum, so the secret can never be configured weaker than keys minted before these options existed.

public const int KeyLengthFloor = 24

Field Value

int

Properties

AdvancedMode

When true, enables full CRUD with custom names, access levels, roles, and expiry. When false, keys are auto-created and only refresh/lock are available. Default: false.

public bool AdvancedMode { get; set; }

Property Value

bool

AutoKeyCount

Number of keys to auto-create per team in simple mode. Default: 2.

public int AutoKeyCount { get; set; }

Property Value

int

AutoLockKeys

When true, newly created keys are automatically locked after creation so the raw key value is only visible once. Default: false.

public bool AutoLockKeys { get; set; }

Property Value

bool

LastUsedThrottle

Minimum time between "last used" timestamp writes for a given key. A key authenticating more often than this only gets its LastUsedAt persisted once per window, to avoid a database write on every authenticated request. Set to Zero to stamp on every successful authentication. Default: 1 minute.

public TimeSpan LastUsedThrottle { get; set; }

Property Value

TimeSpan

MaxExpiryDays

Maximum allowed expiry in days for API keys (caps both team and system keys). Null means no maximum. Default: 365.

public int? MaxExpiryDays { get; set; }

Property Value

int?

MaxKeyLength

Optional upper bound for the random secret length. When null (the default), every key uses a fixed length of MinKeyLength; when set, each key's length is chosen at random in [MinKeyLength, MaxKeyLength] via a cryptographic RNG. Must be ≥ KeyLengthFloor; the ≥ MinKeyLength relationship is enforced when a key is generated.

public int? MaxKeyLength { get; set; }

Property Value

int?

MinKeyLength

Number of random alphanumeric characters in the secret portion of a generated API key (the part after the team/system prefix). When MaxKeyLength is null this is the exact, fixed length; when it is set, this is the lower bound of a random range. Applies to every CreateKeyAsync — team and system keys — on both create and recycle/regenerate. Default: 32 (≈190-bit). Must be ≥ KeyLengthFloor so it cannot be accidentally weakened; a smaller value throws ArgumentOutOfRangeException.

public int MinKeyLength { get; set; }

Property Value

int

Remarks

Secret entropy with the base62 alphabet (~5.95 bits per character):

22≈128-bit
32≈190-bit (default)
43≈256-bit
65≈384-bit
86≈512-bit
Edit this page