# @memberjunction/api-keys-base
Metadata caching engine for MemberJunction's API key authorization system. This package provides cached, read-only access to API scopes, applications, and key bindings. It can be used on both client and server.
## Architecture
```mermaid
graph TD
subgraph "@memberjunction/api-keys-base"
A[APIKeysEngineBase] --> B[Scope Cache]
A --> C[Application Cache]
A --> D[Key Binding Cache]
B --> E["Lookup Maps
(by path, by ID)"]
C --> F["Lookup Maps
(by name, by ID)"]
end
subgraph "Data Sources"
G["MJ: API Scopes"]
H["MJ: API Applications"]
I["MJ: API Application Scopes"]
J["MJ: API Key Applications"]
K["MJ: API Key Scopes"]
end
G --> A
H --> A
I --> A
J --> A
K --> A
style A fill:#2d6a9f,stroke:#1a4971,color:#fff
style B fill:#2d8659,stroke:#1a5c3a,color:#fff
style C fill:#2d8659,stroke:#1a5c3a,color:#fff
style D fill:#2d8659,stroke:#1a5c3a,color:#fff
style E fill:#7c5295,stroke:#563a6b,color:#fff
style F fill:#7c5295,stroke:#563a6b,color:#fff
```
## Overview
The `APIKeysEngineBase` class extends MemberJunction's `BaseEngine` pattern to load and cache all API key-related metadata in memory. It is designed for fast, synchronous lookups after an initial asynchronous load.
**Key capabilities:**
- Cached access to API scopes, applications, application scopes, key applications, and key scopes
- Fast lookup maps for scopes (by path and ID) and applications (by name and ID)
- Hierarchical scope path resolution (e.g., `entity:read`, `agent:execute`)
- Application authorization checks for API keys
- UI configuration parsing for scope display
## Installation
```bash
npm install @memberjunction/api-keys-base
```
## Usage
### Initializing the Engine
```typescript
import { APIKeysEngineBase } from '@memberjunction/api-keys-base';
// Initialize with metadata load
await APIKeysEngineBase.Instance.Config(false, contextUser);
// Force refresh of cached data
await APIKeysEngineBase.Instance.Config(true, contextUser);
```
### Accessing Cached Data
```typescript
const engine = APIKeysEngineBase.Instance;
// All scopes
const allScopes = engine.Scopes;
const activeScopes = engine.ActiveScopes;
// All applications
const apps = engine.Applications;
// Scope lookups
const scope = engine.GetScopeByPath('entity:read');
const scopeById = engine.GetScopeById('scope-guid');
// Application lookups
const app = engine.GetApplicationByName('MCP Server');
const appById = engine.GetApplicationById('app-guid');
```
### Checking Key Authorization
```typescript
// Check if a key is authorized for a specific application
const isAuthorized = engine.IsKeyAuthorizedForApplication(apiKeyId, applicationId);
// Get all scope rules for a key
const keyScopes = engine.GetKeyScopesByKeyId(apiKeyId);
// Get application ceiling rules
const appScopes = engine.GetApplicationScopesByApplicationId(applicationId);
```
### Parsing Scope UI Configuration
```typescript
import { parseAPIScopeUIConfig } from '@memberjunction/api-keys-base';
const uiConfig = parseAPIScopeUIConfig(scope);
console.log(uiConfig.icon); // e.g., 'fa-solid fa-database'
console.log(uiConfig.color); // e.g., '#6366f1'
```
## API Reference
### APIKeysEngineBase
| Member | Type | Description |
|--------|------|-------------|
| `Instance` | static getter | Singleton instance |
| `Config()` | method | Load/refresh all metadata |
| `Scopes` | getter | All API scopes |
| `ActiveScopes` | getter | Only active scopes |
| `Applications` | getter | All API applications |
| `ApplicationScopes` | getter | All application scope ceilings |
| `KeyApplications` | getter | All key-to-application bindings |
| `KeyScopes` | getter | All key-level scope rules |
| `GetScopeByPath()` | method | Look up active scope by full path |
| `GetScopeById()` | method | Look up scope by ID |
| `GetApplicationByName()` | method | Look up application by name (case-insensitive) |
| `GetApplicationById()` | method | Look up application by ID |
| `GetApplicationScopesByApplicationId()` | method | Get scope ceilings for an application |
| `GetApplicationScopeRules()` | method | Get scope rules for an application + scope |
| `GetKeyApplicationsByKeyId()` | method | Get application bindings for a key |
| `GetKeyScopesByKeyId()` | method | Get scope rules for a key |
| `GetKeyScopeRules()` | method | Get scope rules for a key + scope |
| `KeyHasApplicationBindings()` | method | Check if a key has any application bindings |
| `IsKeyAuthorizedForApplication()` | method | Check if a key is authorized for an application |
### APIScopeUIConfig
```typescript
interface APIScopeUIConfig {
icon?: string; // Font Awesome icon class
color?: string; // Hex color code
}
```
## Relationship to @memberjunction/api-keys
This package provides the **metadata caching layer** that can be used anywhere (client or server). The `@memberjunction/api-keys` package builds on top of this with server-side operations including key generation, validation, scope evaluation, and usage logging.
```mermaid
graph LR
A["@memberjunction/api-keys-base
(Metadata Caching)"] --> B["@memberjunction/api-keys
(Server-side Engine)"]
C["Client Code
(Angular, etc.)"] --> A
D["Server Code
(MJAPI, MCP)"] --> B
style A fill:#2d6a9f,stroke:#1a4971,color:#fff
style B fill:#2d8659,stroke:#1a5c3a,color:#fff
style C fill:#b8762f,stroke:#8a5722,color:#fff
style D fill:#b8762f,stroke:#8a5722,color:#fff
```
## Dependencies
| Package | Purpose |
|---------|---------|
| `@memberjunction/core` | BaseEngine, UserInfo, IMetadataProvider |
| `@memberjunction/core-entities` | Entity types (APIScopeEntity, etc.) |
| `@memberjunction/global` | RegisterForStartup decorator |
## License
ISC