Hono - [η] means flameπ₯ in Japanese - is a small, simple, and ultrafast web framework for the Edges. It works on any JavaScript runtime: Cloudflare Workers, Fastly Compute@Edge, Deno, Bun, Vercel, Netlify, Lagon, AWS Lambda, Lambda@Edge, and Node.js.
@unkey/hono offers a middleware for authenticating API keys with unkey.
Letβs dive straight in. The minimal setup looks like this. You need a root key with permission to verify keys. Go to /settings/root-keys and create a key with the verify_key permission.By default it tries to grab the API key from the Authorization header and then verifies it with Unkey.
The result of the verification will be written to the context and can be accessed with c.get("unkey").
Copy
Ask AI
import { Hono } from "hono"import { type UnkeyContext, unkey } from "@unkey/hono";const app = new Hono<{ Variables: { unkey: UnkeyContext } }>();app.use("*", unkey({ rootKey: process.env.UNKEY_ROOT_KEY!}));app.get("/somewhere", (c) => { // access the unkey response here to get metadata of the key etc const keyInfo = c.get("unkey"); return c.text(`Hello ${keyInfo.identity?.externalId ?? "user"}!`);})
By default the middleware tries to grab the api key from the Authorization header. You can change this by passing a custom header name to the middleware.
By default the middleware will not do anything with the verification response other than writing it to the context.
However you most likely would like to just return a 401 response if the key is invalid and not continue with the request.To do this you can pass a handleInvalidKey handler to the middleware.
See here for the full response object.
