TsgcWSAPIKeyManager › Methods › IssueKey
Generates, hashes and stores a new key; returns the plaintext (only time it can be observed).
function IssueKey(const aOwner: string; const aScopes: TsgcAPIKeyScopes; aExpiresInSec: Integer = 0): string;| Name | Type | Description |
|---|---|---|
aOwner | const string | Tenant, customer or user identifier the key is issued to. Indexed so GetKeysByOwner can look up all keys for a tenant. |
aScopes | const TsgcAPIKeyScopes | Array of scope strings to attach to the key. Every entry must already exist (and be enabled) in the Scopes catalog when Scopes.Enabled is True. |
aExpiresInSec | Integer | Lifetime of the key in seconds from now. Pass 0 to inherit Expiration.DefaultTTLSec; pass 0 with DefaultTTLSec = 0 for a key that never expires. |
The plaintext key (prefix + random body + optional checksum) — this is the only time the raw value is observable; only its hash is persisted. Deliver it to the customer from this call or from the OnKeyIssued handler. (string)
Generates a cryptographically random key body according to the Generation group, prepends the KeyPrefix, appends a checksum when IncludeChecksum is True, then hashes the full plaintext with the Hashing group and stores the digest plus owner, scopes, timestamps and status (kksActive). Fires OnKeyIssued, appends an audit entry with action kaaIssued, updates Stats and — when StorageType is kstFile — triggers a persist. Raises if Generation.Enabled is False.
var
vKey: string;
begin
vKey := sgcWSAPIKeyManager1.IssueKey('customer-123',
TsgcAPIKeyScopes.Create('read:orders', 'write:orders'),
30 * 86400);
ShowMessage('Deliver to customer once: ' + vKey);
end;