---
title: "Secure Tide APIs with API Key Authentication"
description: "Secure your Tide API using a shared secret."
canonicalUrl: "https://zuplo.com/use-cases/api-key-auth/rust/tide/secure-header"
framework: "Tide"
language: "Rust"
authStrategy: "shared secret header"
pageType: use-case
---

# Secure Tide APIs with API Key Authentication

Secure your Tide API using a shared secret.

## How Zuplo Handles It

Put Zuplo in front of your Tide backend to authenticate API keys and forward a shared secret header so your origin only accepts traffic from Zuplo.

## Tide Backend Code

```rust
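use std::env;
use std::future::Future;
use std::pin::Pin;

use subtle::ConstantTimeEq;
use tide::{prelude::*, Next, Request, Response, StatusCode};

// Middleware to validate the shared secret header.
// Tide implements `Middleware` for plain functions that return a boxed future,
// so this is a regular `fn` wrapping an async block rather than an `async fn`.
fn validate_shared_secret<'a, State>(
    req: Request<State>,
    next: Next<'a, State>,
) -> Pin<Box<dyn Future<Output = tide::Result> + Send + 'a>>
where
    State: Clone + Send + Sync + 'static,
{
    Box::pin(async move {
        let expected_secret = env::var("SHARED_SECRET").expect("SHARED_SECRET must be set");
        // If the header is repeated, the last value is the one that is checked.
        let secret = req.header("x-shared-secret").map(|values| values.last().as_str());

        // `ct_eq` compares equal-length inputs in constant time; inputs of
        // different length are rejected immediately.
        let valid = secret
            .map(|s| s.as_bytes().ct_eq(expected_secret.as_bytes()).unwrap_u8() == 1)
            .unwrap_or(false);

        if !valid {
            // Reject before the request reaches any route handler.
            let mut res = Response::new(StatusCode::Unauthorized);
            res.set_body(json!({ "error": "Invalid or missing secret" }));
            return Ok(res);
        }

        Ok(next.run(req).await)
    })
}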

#[async_std::main]
async fn main() -> tide::Result<()> {
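    tide::log::start();

    // Fail at startup, not on the first request, if the secret is not configured.
    env::var("SHARED_SECRET").expect("SHARED_SECRET must be set");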
    let mut app = tide::new();

    app.with(validate_shared_secret);

    app.at("/protected").get(|_| async {
        Ok(json!({ "message": "Access granted" }))
    });

    app.listen("127.0.0.1:8080").await?;
    Ok(())
}
```
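
The header check above reduced to a pure function, as an added example that is not part of the original page or Zuplo's code. It fails closed on two cases the middleware does not spell out: an empty `SHARED_SECRET` (which would compare equal to an empty header value) and repeated `x-shared-secret` values. `Verdict`, `MIN_SECRET_LEN`, both function names and the policy of rejecting repeated values are assumptions; the byte loop is a dependency-free stand-in for `subtle`'s `ct_eq`, which the real middleware should keep.

```rust
// Added example: std-only model of the origin's header check (no Tide, no `subtle`).
// Verdict, MIN_SECRET_LEN and both functions are illustrative names, not project code.

const MIN_SECRET_LEN: usize = 32; // assumed policy: refuse short or empty secrets

#[derive(Debug, PartialEq)]
enum Verdict {
    Accept,
    Missing,       // no x-shared-secret header at all
    Ambiguous,     // more than one value: the gateway is expected to send exactly one
    Mismatch,
    Misconfigured, // SHARED_SECRET is empty or too short to be a real secret
}

// Stand-in for subtle's ct_eq: ORs together the XOR of every byte pair, so the
// loop does not stop at the first difference. Length is checked up front, as in subtle.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// `presented` holds every value received for the x-shared-secret header.
fn check_shared_secret(expected: &str, presented: &[&str]) -> Verdict {
    if expected.len() < MIN_SECRET_LEN {
        return Verdict::Misconfigured; // fail closed, even if the header is also empty
    }
    match presented {
        [] => Verdict::Missing,
        [one] if ct_eq(one.as_bytes(), expected.as_bytes()) => Verdict::Accept,
        [_] => Verdict::Mismatch,
        _ => Verdict::Ambiguous,
    }
}

fn main() {
    let secret = "constructed-sample-secret-0123456789abcdef"; // constructed, not a real key
    println!("{:?}", check_shared_secret(secret, &[secret]));
    println!("{:?}", check_shared_secret(secret, &[]));
    println!("{:?}", check_shared_secret(secret, &["wrong", secret]));
    println!("{:?}", check_shared_secret("", &[""]));
}
```

In the middleware, every verdict other than `Accept` maps to the same 401 response, so the caller learns nothing about which check failed.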

## Example Request

```bash
curl -X GET \
  'https://your-api.zuplo.dev/your-route' \
  -H 'Authorization: Bearer YOUR_API_KEY'
```

## Learn More

- [API Key Authentication on Zuplo](https://zuplo.com/docs/policies/api-key-auth-inbound)
- [JWT Authentication on Zuplo](https://zuplo.com/docs/policies/open-id-jwt-auth-inbound)
- [All use cases](https://zuplo.com/use-cases)
