Class: Spree::Api::V3::Admin::ApiKeysController

Inherits:

ResourceController

• Object
• ActionController::API
• BaseController
• ResourceController
• Spree::Api::V3::Admin::ApiKeysController

Defined in:

app/controllers/spree/api/v3/admin/api_keys_controller.rb

Constant Summary

Constants inherited from BaseController

BaseController::RATE_LIMIT_RESPONSE

Constants included from Idempotent

Idempotent::IDEMPOTENCY_HEADER, Idempotent::IDEMPOTENCY_TTL, Idempotent::MAX_KEY_LENGTH, Idempotent::MUTATING_METHODS

Constants included from ErrorHandler

ErrorHandler::ERROR_CODES

Constants included from JwtAuthentication

JwtAuthentication::JWT_AUDIENCE_ADMIN, JwtAuthentication::JWT_AUDIENCE_STORE, JwtAuthentication::JWT_ISSUER, JwtAuthentication::USER_TYPE_ADMIN, JwtAuthentication::USER_TYPE_CUSTOMER

Instance Method Summary

• #revoke ⇒ Object

  PATCH /api/v3/admin/api_keys/:id/revoke Marks the key revoked rather than deleting it — the row stays so audit logs and ‘created_by`/`revoked_by` remain queryable.

Methods inherited from ResourceController

#create, #destroy, #index, #show, #update

Methods included from Spree::Api::V3::ApiKeyAuthentication

#authenticate_api_key!, #authenticate_secret_key!

Methods included from JwtAuthentication

#authenticate_user, #require_authentication!

Instance Method Details

#revoke ⇒ Object

PATCH /api/v3/admin/api_keys/:id/revoke Marks the key revoked rather than deleting it — the row stays so audit logs and ‘created_by`/`revoked_by` remain queryable. Hard deletion is available via `destroy` for cleanup.

# File 'app/controllers/spree/api/v3/admin/api_keys_controller.rb', line 12

def revoke
  @resource = find_resource
  authorize!(:update, @resource)

  @resource.revoke!(try_spree_current_user)
  render json: serialize_resource(@resource)
end