| from fastapi import Security | |
| from fastapi.security import APIKeyHeader | |
| api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False) | |
| VALID_API_KEYS = ["dev-key-123", "prod-key-456"] | |
| def verify_api_key(api_key: str = Security(api_key_header)): | |
| # If no key is provided, just allow access (optional auth) | |
| if api_key is None: | |
| return None | |
| # If key is provided, check if it's valid | |
| if api_key not in VALID_API_KEYS: | |
| # Optionally, you can log or track invalid attempts here | |
| return None | |
| return api_key | |