GetApiUserByKeyHash
Method Details​
Description: Retrieves an API user using its API key hash.
This method is used for authentication flows to lookup an API user based on the hash of their API key.
Required Roles: Check proto file for roles
Parameters:
KeyHash(string): Key hash of the API user to get.
Returns: APIUser
Method Type: METHOD_TYPE_READ
Code Examples​
- Go
- Python
- Java
- Protobuf
package main
import (
"context"
"log"
api_userv1 "github.com/meshtrade/api/go/iam/api_user/v1"
)
func main() {
ctx := context.Background()
// Default configuration is used and credentials come from MESH_API_CREDENTIALS
// environment variable or default discovery methods. Zero config required
// unless you want custom configuration.
service, err := api_userv1.NewApiUserService()
if err != nil {
log.Fatalf("Failed to create service: %v", err)
}
defer service.Close()
// Create request with service-specific parameters
request := &api_userv1.GetApiUserByKeyHashRequest{
KeyHash: "hash_of_api_key_123456", // Hash of the API key (calculated by auth system)
}
// Call the GetApiUserByKeyHash method
apiUser, err := service.GetApiUserByKeyHash(ctx, request)
if err != nil {
log.Fatalf("GetApiUserByKeyHash failed: %v", err)
}
// Access API user details retrieved by key hash
log.Printf("Found API user: %s", apiUser.GetName())
log.Printf("Display name: %s", apiUser.GetDisplayName())
log.Printf("State: %s", apiUser.GetState().String())
log.Printf("Owner: %s", apiUser.GetOwner())
// Note: This method is typically used by authentication systems
// to validate API keys and retrieve associated user information
}
from meshtrade.iam.api_user.v1 import (
ApiUserService,
GetApiUserByKeyHashRequest,
)
def main():
# Default configuration is used and credentials come from MESH_API_CREDENTIALS
# environment variable or default discovery methods. Zero config required
# unless you want custom configuration.
service = ApiUserService()
with service:
# Create request with service-specific parameters
request = GetApiUserByKeyHashRequest(
key_hash="hash_of_api_key_123456" # Hash of the API key (calculated by auth system)
)
# Call the GetApiUserByKeyHash method
api_user = service.get_api_user_by_key_hash(request)
# Access API user details retrieved by key hash
print(f"Found API user: {api_user.name}")
print(f"Display name: {api_user.display_name}")
print(f"State: {api_user.state}")
print(f"Owner: {api_user.owner}")
# Note: This method is typically used by authentication systems
# to validate API keys and retrieve associated user information
if __name__ == "__main__":
main()
import co.meshtrade.api.iam.api_user.v1.ApiUserService;
import co.meshtrade.api.iam.api_user.v1.Service.GetApiUserByKeyHashRequest;
import co.meshtrade.api.iam.api_user.v1.ApiUser.APIUser;
import java.util.Optional;
public class GetApiUserByKeyHashExample {
public static void main(String[] args) {
// Default configuration is used and credentials come from MESH_API_CREDENTIALS
// environment variable or default discovery methods. Zero config required
// unless you want custom configuration.
try (ApiUserService service = new ApiUserService()) {
// Create request with service-specific parameters
GetApiUserByKeyHashRequest request = GetApiUserByKeyHashRequest.newBuilder()
.setKeyHash("hash_of_api_key_123456") // Hash of the API key (calculated by auth system)
.build();
// Call the GetApiUserByKeyHash method
APIUser apiUser = service.getApiUserByKeyHash(request, Optional.empty());
// Access API user details retrieved by key hash
System.out.println("Found API user: " + apiUser.getName());
System.out.println("Display name: " + apiUser.getDisplayName());
System.out.println("State: " + apiUser.getState());
System.out.println("Owner: " + apiUser.getOwner());
// Note: This method is typically used by authentication systems
// to validate API keys and retrieve associated user information
} catch (Exception e) {
System.err.println("GetApiUserByKeyHash failed: " + e.getMessage());
e.printStackTrace();
}
}
}
syntax = "proto3";
package meshtrade.iam.api_user.v1;
import "buf/validate/validate.proto";
import "meshtrade/iam/api_user/v1/api_user.proto";
import "meshtrade/iam/role/v1/role.proto";
import "meshtrade/option/v1/method_type.proto";
option go_package = "github.com/meshtrade/api/go/iam/api_user/v1;api_userv1";
option java_package = "co.meshtrade.api.iam.api_user.v1";
/*
ApiUserService manages API user lifecycle and authentication credentials.
API users represent automated clients that can authenticate with API keys
and perform operations within a specific group context. Each API user has:
- A unique identifier and display name
- Group ownership for resource isolation
- Role-based permissions for authorization
- Active/inactive state for access control
All operations require IAM domain permissions and operate within
the authenticated group context.
*/
service ApiUserService {
/*
Retrieves a single API user by its unique identifier.
*/
rpc GetApiUser(GetApiUserRequest) returns (meshtrade.iam.api_user.v1.APIUser) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_READ;
option (meshtrade.iam.role.v1.roles) = {
roles: [
ROLE_IAM_ADMIN,
ROLE_IAM_VIEWER
]
};
}
/*
Creates a new API user with the specified configuration.
The API user will be created in the authenticated group context
and assigned the provided roles. The system generates a unique
identifier and API key for authentication.
*/
rpc CreateApiUser(CreateApiUserRequest) returns (meshtrade.iam.api_user.v1.APIUser) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_WRITE;
option (meshtrade.iam.role.v1.roles) = {
roles: [ROLE_IAM_ADMIN]
};
}
/*
Lists all API users in the authenticated group context.
Returns all API users that belong to the current group,
regardless of their active/inactive state.
*/
rpc ListApiUsers(ListApiUsersRequest) returns (ListApiUsersResponse) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_READ;
option (meshtrade.iam.role.v1.roles) = {
roles: [
ROLE_IAM_ADMIN,
ROLE_IAM_VIEWER
]
};
}
/*
Searches API users using display name filtering.
Performs substring matching on API user display names
within the authenticated group context.
*/
rpc SearchApiUsers(SearchApiUsersRequest) returns (SearchApiUsersResponse) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_READ;
option (meshtrade.iam.role.v1.roles) = {
roles: [
ROLE_IAM_ADMIN,
ROLE_IAM_VIEWER
]
};
}
/*
Activates an API user, enabling API key authentication.
Changes the API user state to active, allowing the associated
API key to be used for authentication and authorization.
*/
rpc ActivateApiUser(ActivateApiUserRequest) returns (meshtrade.iam.api_user.v1.APIUser) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_WRITE;
option (meshtrade.iam.role.v1.roles) = {
roles: [ROLE_IAM_ADMIN]
};
}
/*
Deactivates an API user, disabling API key authentication.
Changes the API user state to inactive, preventing the associated
API key from being used for authentication.
*/
rpc DeactivateApiUser(DeactivateApiUserRequest) returns (meshtrade.iam.api_user.v1.APIUser) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_WRITE;
option (meshtrade.iam.role.v1.roles) = {
roles: [ROLE_IAM_ADMIN]
};
}
/*
Retrieves an API user using its API key hash.
This method is used for authentication flows to lookup
an API user based on the hash of their API key.
*/
rpc GetApiUserByKeyHash(GetApiUserByKeyHashRequest) returns (meshtrade.iam.api_user.v1.APIUser) {
option (meshtrade.option.v1.method_type) = METHOD_TYPE_READ;
option (meshtrade.iam.role.v1.roles) = {
roles: [
ROLE_IAM_ADMIN,
ROLE_IAM_VIEWER
]
};
}
}
message GetApiUserRequest {
/*
Name of the API user to get.
*/
string name = 1;
}
message GetApiUserByKeyHashRequest {
/*
Key hash of the API user to get.
*/
string key_hash = 1;
}
message CreateApiUserRequest {
/*
The API user resource to create.
The name field will be ignored and assigned by the server.
*/
meshtrade.iam.api_user.v1.APIUser api_user = 1;
}
message ListApiUsersRequest {}
message ListApiUsersResponse {
repeated meshtrade.iam.api_user.v1.APIUser api_users = 1;
}
message SearchApiUsersRequest {
/*
Display name is a substring search for API users.
*/
string display_name = 1;
}
message SearchApiUsersResponse {
repeated meshtrade.iam.api_user.v1.APIUser api_users = 1;
}
message ActivateApiUserRequest {
/*
Name of the API user to activate.
*/
string name = 1 [(buf.validate.field) = {
string: {
min_len: 1
pattern: "^api_users/[0-9A-HJKMNP-TV-Z]{26}$"
}
cel: {
id: "name.required"
message: "name is required and must be in format api_users/{id}"
expression: "this.matches('^api_users/[0-9A-HJKMNP-TV-Z]{26}$')"
}
}];
}
message DeactivateApiUserRequest {
/*
Name of the API user to deactivate.
*/
string name = 1 [(buf.validate.field) = {
string: {
min_len: 1
pattern: "^api_users/[0-9A-HJKMNP-TV-Z]{26}$"
}
cel: {
id: "name.required"
message: "name is required and must be in format api_users/{id}"
expression: "this.matches('^api_users/[0-9A-HJKMNP-TV-Z]{26}$')"
}
}];
}
Advanced Configuration​
For advanced client configuration options (custom endpoints, TLS settings, timeouts), see the SDK Configuration Guide.
Other Methods​
- Iam Api User v1 Method List - For Other methods