Add API Key Authentication Middleware for Gateway

[greatest0fallt1me]

Description
Add middleware that resolves API key from header (e.g. Authorization: Bearer or X-Api-Key: ), looks up key by prefix, verifies full key hash, loads user and vault and API/endpoint. Attach to request: user, vault, api, endpoint, apiKeyRecord. Return 401 if invalid or revoked.

Requirements and context

• Must be used by gateway routes that proxy to upstream APIs
• Rate limit and balance check can be separate middleware

Suggested execution

• Fork the repo and create a branch
• git checkout -b feature/api-key-auth-middleware
• Implement changes
  • Middleware: extract key, find by prefix, verify hash, load user/vault/api/endpoint
  • Return 401 with clear message if not found or revoked
  • Add unit tests for middleware
• Test and commit
  • Run tests
  • Example commit message: feat: API key auth middleware for gateway

Guidelines

• Constant-time key comparison where applicable
• Clear documentation
• Timeframe: 96 hours
• Project details: #

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[observerr411]

@observerr411 has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

I would like to take on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @observerr411 to this issue.

[drips-wave]

Congratulations, @observerr411! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on February 26, 2026.

🧑‍💻 @observerr411: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are issued when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[blessme247]

@blessme247 has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

I would love to resolve this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @blessme247 to this issue.

[EbukaMoses]

@EbukaMoses has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hello Maintainer,

I’d like to apply to work on this issue.

I’m Ebuka Moses, a full-stack and blockchain developer with experience building, testing, and maintaining smart contracts, particularly using Rust and blockchain-based architectures. I’m comfortable working with contract logic, validation, access control, persistent storage, and event handling, and I always pay close attention to correctness, security, and edge cases.

I take time to fully understand the issue requirements before implementing a solution, and I ensure my work follows the project’s coding standards. I also write clear, well-tested code and submit clean pull requests with meaningful commits.

I’m confident I can deliver a solid solution that meets the acceptance criteria and adds value to the project.

Thank you for your consideration, and I look forward to contributing.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @EbukaMoses to this issue.