[Backend] Add API Key Management System #182

@gelluisaac

Overview

Implement a comprehensive API key management system for external access.

Current State

  • Basic API key service exists
  • Limited key management
  • No key rotation
  • No key analytics

Requirements

  1. API Key Features

    • Key generation
    • Key validation
    • Key rotation
    • Key revocation
    • Key expiration
  2. Key Types

    • Read-only keys
    • Read-write keys
    • Admin keys
    • Scoped keys
    • Temporary keys
  3. Key Management

    • Key CRUD operations
    • Key permissions
    • Key usage tracking
    • Key analytics
    • Key audit logs
  4. Security

    • Key hashing
    • Key encryption
    • Key scopes
    • IP restrictions
    • Rate limiting per key

Technical Details

  • Enhance existing ApiKeyService
  • Add key rotation logic
  • Implement key analytics
  • Add key encryption

Files to Create/Modify

  • backend/src/services/apiKeyService.ts (enhance)
  • backend/src/models/ApiKey.ts (enhance)
  • backend/src/routes/apiKeys.ts (create)
  • backend/src/utils/keyUtils.ts (create)
  • backend/src/middleware/apiKeyAuth.ts (enhance)

Acceptance Criteria

  • Keys can be generated
  • Key validation works
  • Key rotation works
  • Key revocation works
  • Key permissions work
  • Usage tracking works
  • Analytics work
  • Security features work
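
A sketch of how the listed generation, hashing, validation, expiration, revocation, scope and rotation requirements fit together, added here as an illustration and not taken from the issue or the project's code. The `ak_` key format, the record fields, the function names and the choice of SHA-256 are all assumptions.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical record shape; the issue does not define the ApiKey model's fields.
interface ApiKeyRecord {
  id: string;               // public lookup id, embedded in the key
  secretHash: string;       // hex SHA-256 of the secret; the secret itself is never stored
  scopes: string[];
  expiresAt: number | null; // epoch ms, null = no expiry
  revoked: boolean;
}
type Verdict = "ok" | "malformed" | "unknown" | "revoked" | "expired" | "scope";

// A fast hash is acceptable only because the secret is 256 random bits, not a password.
const sha256 = (s: string): Buffer => createHash("sha256").update(s).digest();

// Returns the plaintext key (shown to the caller once) and the record to persist.
function generateKey(scopes: string[], ttlMs: number | null, now = Date.now()) {
  const id = randomBytes(8).toString("hex");
  const secret = randomBytes(32).toString("base64url");
  const record: ApiKeyRecord = {
    id, secretHash: sha256(secret).toString("hex"), scopes,
    expiresAt: ttlMs === null ? null : now + ttlMs, revoked: false,
  };
  return { plaintext: `ak_${id}_${secret}`, record };
}

// Rotation: issue a successor with the same scopes; the old key expires after a grace period.
function rotateKey(old: ApiKeyRecord, graceMs: number, ttlMs: number | null, now = Date.now()) {
  old.expiresAt = Math.min(old.expiresAt ?? Infinity, now + graceMs);
  return generateKey(old.scopes, ttlMs, now);
}

function validateKey(
  presented: string, requiredScope: string,
  lookup: (id: string) => ApiKeyRecord | undefined, now = Date.now(),
): Verdict {
  const m = /^ak_([0-9a-f]{16})_([A-Za-z0-9_-]{43})$/.exec(presented);
  if (!m) return "malformed";
  const rec = lookup(m[1]);
  if (!rec) return "unknown";
  // Both buffers are 32-byte digests, so the constant-time compare cannot throw on length.
  if (!timingSafeEqual(sha256(m[2]), Buffer.from(rec.secretHash, "hex"))) return "unknown";
  if (rec.revoked) return "revoked";
  if (rec.expiresAt !== null && now >= rec.expiresAt) return "expired";
  if (!rec.scopes.includes(requiredScope)) return "scope";
  return "ok";
}
```

A wrong secret and an unknown id return the same verdict, so a caller cannot use the response to enumerate valid key ids.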
