Mastering Pre-Authentication with API Keys Like a PRO
Skills:
Security Basics90%LLM Engineering80%Tool Use & Function Calling80%Agent Foundations70%Prompt Craft60%
Key Takeaways
This video demonstrates pre-authentication using API keys with Spring Security and bcrypt password encoder, showcasing how to generate, validate, and use API keys for secure access to backend applications.
Full Transcript
hey everyone welcome back in today's video we will be talking about API key authentication that is how to authenticate a user or an entity using API keys and we will also learn the concept of pre-authentication but before that if you haven't watched the first video please do so because we will be relating The Core Concepts like Spring Security filter chain authentication manager and authentication provider so let's get [Music] started so let's start by understanding what is pre-authentication pre-authentication is a security pattern where the user or the entity which is being authenticated is already authenticated or verified before the request reaches to the backend application or API now this sort of activity usually happens Upstream this is an upstream job that means there could be an API Gateway a load balancer or any other external service that is responsible for the initial authentication so by the time the request hits the API or the backend service we already know who the entity is who the client is the only job of the API or the backend is to authorize or to validate the key in order to provide the access to the secure endpoints or resources so in this case the user is already authenticated and the user only provides the API key not the full username and password when do we use the pre-authentication the pattern of pre-authentication we can use pre-authentication in certain scenarios like whenever we are offloading the authentication mechanism to another system like an API Gateway or or external service or any other identity provider there we can use the pre-authentication or when the backend services or the apis are supposed to trust only pre-authenticated requests in those cases we can use the concept of pre-authentication where we can allow or disallow the access without handling login sessions we will see in a demo in a bit how to pass the API keys to the backend application and how to allow or block the access depending on the API key validity so let's understand how it works so here we can see a sample request on the postman we don't need to worry about this Endo the important thing is in order to access any secure Endo we need to authenticate The Entity first and how we do that in Postman there is this authorization tab where we select a particular authentication type so in the previous demos we selected for example basic for the basic authentication for example if you are implementing JWT then you will select the JWT barrier token for example for oo it will be o 2.0 now in case of API key authentication we select something called API key and when you select the API key there are couple of options that we can select for example what is the key here we can provide or Define a custom key in which we will pass the API key then goes the value so it could be your API key and the third option is how do you want to send this API key there are two options in Postman whether you can pass it via header or you can pass it via query parameters now if you're not using Postman maybe another CLI tool or maybe a Java client in that case you will have to set the authentication type and you need to pass the API key either via headers or query parameters now once we pass the API key the request will hit the backend the back end will extract the API key Either from the header or from the query parameter The Next Step would be to validate the key so there will be a data Store where all the keys will be stored in advance because we know the user is pre-authenticated that means we already have the user information all right so the key will be validated and if we find the keys valid and already present in the data store then the access will be allowed otherwise the user will be blocked so that's how the API key authentication works so now that we understand what API key authentication is and how it works let's understand what we are going to do in this demo so whenever we deal with API keys or any keys for authentication there are certain things that we need to understand so for example the first step would be to generate the key okay where the user will be assigned a new key that the user will use for the authentication purposes now when you have the key we need to have the flexibility to invalidate the key so for example the key is corrupt or maybe leaked in that case we should have the ability to invalidate a particular key for security purposes then there is this third functionality to rotate the key now in this approach what we do we disable the previously generated key then we generate a new key now in this demo we will not cover this part because here we are assuming that the keys are already present in the database and we will simply use one of the keys to access a secure endpoint okay so we will not Implement these three functionalities but I will share the reference code that you can explore and practice in your own time but implementing this is a very simple task we can implement this uh same as any crud application by having a data stor for example in this case we can have a mySQL database then we can have a spring data jpa repository and maybe a simple API key jpa entity and after that these will be simple cred operations I will share the code now as I said we are assuming that the keys are already present in the database and the user will hit a secure endpoint by passing it a key so in this demo we will have a secure endpoint for example / API SL Creed okay so when the user accesses this endpoint and passes the API key it will trigger the spring Securities filter chain and then we will add a new API key filter and the role of this filter will be to check the API key in the header that we discussed it will validate the key if the key is valid then it will allow the call and how it will allow the call it will do so with the help of something called authentication provider so we will also Implement a custom authentication provider to authenticate an entity depending on the key available okay so there are two important classes that we will see in action the number one is abstract pre-authenticated processing filter so that is the same filter that we will override then we will also see the use of pre-authenticated authentication token so in a nutshell we will write a new API key filter and a new authentication provider let's Now cover the implementation part so for this demo we are not going to implement the user registration part that means for this demo we are assuming that the system already has the user and if you really want to implement the user registration part then you can refer the previous videos in the same playlist where I have covered how to manage or how to implement the user registration part using mySQL database in that case you will need a mySQL database for example additional controllers to expose the registration endpoints and then the usual logic in services to implement the cred operations and second thing is we will also not implement the key generation part or other operations related to Key Management the reason behind this is we are assuming that there would be another second service or another flow which will be responsible for Key Management so there could be an entirely different application to generate the keys to rotate the keys assigning the keys to users and so on so a we are going to assume that the user is already present in the system and B we will assume that the user already has the API key so in this demo we will get the API key from the user as part of the request and then we will validate the request but suppose you want to learn how to implement the key related operations like generating a key and assigning it to the the user or invalidating the key or rotating the key so for that I will share the sample code in the same code base and I will give you a walkth through you can refer the same code and Implement those operations in your practice project for example so the code is already present in this demo code base that is the part that I have already done to save some time but please note we are not going to use that code in the key authentication part so let me give you a quick walkth through the first one could be the application. EML file so you could have a MySQL database to store the keys and the user information although for this demo we are not going to use the mySQL database this is just for the reference so that you can implement the key related operations okay so the first thing is we need a user store so you could have any user store in this case it could be a mySQL database then you would expose some endpoints basically for Key Management for example you could expose an endpoint to generate the key where you would get the user information or the owner of that key and then using the service you can generate the key and return it back to the user then another endpoint could be to revoke the key for example you have to invalidate a key so there will be an endpoint where you will accept the key and then internally you will revoke the key you will invalidate the key the third end point could be to rotate the API key so for example the user will pass an existing key then the job of this endpoint would be to coordinate with this service and deactivate this particular key generate a new key and return it back to the user now as I said we are not going to use this code this is just for the reference here you can see the same thing in the comments as well then you could have an API key service and here you can see we are using password and coder and I will explain why so for example to generate the key the method would look something like this so here you can see we are generating a key which is simply uu ID okay then we are creating a jpa entity which will be used to store the API key in the database this represents an API key and there are simple columns like primary key the actual API key Who is the owner is the key active the create date and when the key will expire now coming back to the API key service the task is simple create the jpa entity okay set the corresponding attribute so here instead of saving the key directly we can use the password encoder basically to Hash the key so even though we are generating a uu ID and the same will be returned back to the user but in the database we can hash the key before saving it so that's why we are using the password encoder all right and then use using the same springing data repository okay you can see the repository here this is a very simple repository so using the same spring data repository we are saving the key in the database so that is the part where we can implement the generate new key functionality now similarly we can have a function to invalidate a particular key so for this demo for example we have the pattern something like this where the key is actually a concatenation of the owner name and the actual key so when the user passes the key okay we can split split the key get the owner then using the repositories find by owner and is active true this is another method that we added to the repository so you can see the implementation this is simply a method the implementation will be generated by Spring at runtime okay and we are passing the owner so so here we are simply fetching The Key by this owner and it must be active so an active key for this owner okay and if the key is present then we are deactivating the key by simply updating the active status to false and again saving the data in the database so that's how we can implement the invalidation part similarly if we talk about the rotate Keys we get the key we get the owner okay we fetch the key from the database if the key is present then first we need to deactivate the old key and then we can generate a new key by using the password and coder and the new create time and the expiration time and we can save the new key and return it back to the user so this implementation is just for your reference in casee you want to implement the key management operations but we are not going to use this in this demo so having covered this let's focus on the stuff which is related to this demo so the first one is greed controller and it represents a secured endpoint so when the user accesses this endpoint it will be validated by using the API key okay so only if the API key is valid then the user will be able to access this greed endpoint and we will see a success response that well you're allowed in the pom.xml we we have added simple dependencies like spring data JP although we are not going to use it this is just for the reference to implement the key management operations which I explained the important thing is we need to add the Spring Security dependency and web because this is going to be our s API and the last step is the key store now this is a class which holds the dummy data it represents the key store but in reality it will be a real data store where we will store the keys like a database or any other third party solution so in this dummy database we have a single map okay and in this map we have a single entry for user John so this is the owner of the key and this is the key in the hash form so now when John accesses the grid controller the secure endpoint it will pass an API key and we will write the functionality to match that API key with this hashed key all right if the key matches then that means the key is authenticated key is valid and John will be able to access the greed controller basically the endpoint otherwise it will get a 403 exception so the next question is how do we start and where do we start well if we go back to the diagram you see the first thing is we will add an API key filter okay and this API key filter will extend from this filter which is abstract pre-authenticated processing filter so when the user hits the endpoint / API greed okay it will trigger the Spring Security filter chain and Spring Security filter chain will call the filter that we will add and from there we will start the API key authentication or validation so let's do that so we will start by adding a new filter and this filter will intercept the incoming request it will extract the API key available in the request and it will pass the key down the chain for further processing so let's do that let's add a filter first and we will name it API key filter something like this now as we discussed what this filter will do it will extend an existing filter which is responsible for pre-authentication flow and that filter is abstract pre-authentication this one and it has two methods the first one is responsible for returning the principle which is being authenticated and the second method Returns the credentials if available now in this case the princip would be the key itself so we will return the key from the first method but since there are no other credentials so we'll simply return a demmy value from here now this returns object so we can say something like this na because it does not exist for this case now from here we need to extract and return the past API key so how do we do that so we know the filter will intercept the incoming request and we also know that the user user will pass the API key in the request header now in this method we have access to something called HTTP serlet request so that means we can fetch the headers from this request and in order to read the header from the request we will use the method get header now if you remember if you go back to the postman the name of the header will be X hyphen API hyphen key this is a custom header that we will provide all right so let's pass the header name X hyphen API hyphen key so this filter will intercept the request and it will read the keys from the request header all right now if we check the abstract filter what it does so there is a method do authenticate which is responsible for the authentication so you can see the first thing it does it reads the principle by calling this particular method which will return the principle now because we are implementing or extending the filter all right and once it has the principle it creates something called pre authenticated authentication tokken all right and after creating the authentication request if you notice it calls the authentication manager and if you remember the security architecture from video One the authentication manager is responsible for the authentication but the actual responsibility is delegated to something called authentication provider so in this case we will also write an authentication provider which will do the custom authentication for API keys so let's add a new custom provider and we will name it API key or provider now it must implement the authentication provider interface this one which is coming from the Spring Security and we will also implement the abstract methods so there are two methods the first one is responsible for the authentication and the second one acts as a filter in case you need to filter out the requests because not every request must be authenticated by all the providers because if you remember from the first video we have the authentication manager then authentication manager maintains a list of authentication providers depending on the authentication method or the authentication mechanism authentication manager taks a certain authentication provider so in this supports method which returns a Boolean we return a flag whether this provider handles a particular kind of authentication method or not so in this case how do we do that now if we go back to the abstract filter you see it creates this token which is pre-authenticated authentication token and this is present in this request and this request is being sent to the authentication manager as you can see here so what we will do in the provider supports method we will check if this token is available the instance of this token is available like this and if it returns true that means this provider must authenticate the request then the second step is to actually perform the authentication here if you notice we are getting the object of authentication and from this authentication object we can actually get the principal and that principal is nothing but the API key because this is the principle that we returned from the filter so in the provider method we will get the princi principle which is nothing but the API key in this case so we will do something like this authentication do get principal and it returns an object so we need to type cast because in this case the principle is simply a string value and then here we will validate The Key by comparing it to ke store dumy value now if you go back to the postman if you notice the key has two parts the first one is the owner then a delimiter and then the actual key it doesn't have to be like this it's just how I created the key it's up to you it's up to the use case now in this case because key is a combination of the owner name and the actual Key delimited by double hash so what we need to do we need to split the key okay and then we will have the owner and the key then we will go to the key store by calling this name we will get this key by the owner name okay so let's go to the authentication provider now we can do all the things here or we can follow the same pattern that we have a service already so we can Auto virate like this private API key service and then we can pass the request to this service so we will have an implementation something like this API key service dot is EV valid this method does not exist we will write it in a bit by passing it a key if the service method returns true if the key is valid then we will return a token that represents a successful authentication which is username password authentication token and it has multiple Constructors so let's check the constructors and this one accepts the principle and the credentials and this one accepts the principal the credentials and the authorities now in this case because we only have the principal we don't have authorities so what we can do we will pass the principle which is key in this case and we don't have credential so we will simply pass the null that's it but let's say if the key is not valid in this case this check will return false and in that case what we can do we can throw an exception bad credentials exception okay and we can also pass a method invalid key the key that we received in the request and it must be throw not return okay now we need to write this method in the API key service okay so let's create the method is key valid in the service now in this service we already have these methods for generating the key revoking the key and rotating the key so I'm just reusing the service you can write your own all right so the first thing that we will do I will copy the code because the key contains the owner name as well so we will split the key now we have the owner and we also have the key which is the raw key all right and once we have the owner and the rocky we simply need to go to the key store and find this value so that must be static in this case all right going back to the API key service we will say Ash key equals to key store dot get key by owner and we will pass the owner here now suppose when you are storing the data in the database instead of calling the key store you will actually make a DB call to fetch the key by owner okay in in that case the key will be fed from the database the hash key basically and once we have the raw key and the hash key we can actually compare both the keys to validate if the key is valid or not now if you notice if we go back to the key store this is actually a hash key which is encrypted by the bcrypt password encoder all right which is available here now because the password encoder was used to Hash the key so we need to use the same password encoder to match the key how do we do that well doing that is very simple we have the instance of password encoder and it has a method matches and this method accepts two parameter the first one is the raw password which is raw key in this case and the second one is encoded password which is the hashed key all right because the key was actually encoded by the password encoder so there is no way to decode it we'll have to use the matches method of the password encoder which will automatically compare and return true if the keys are equal otherwise false now that we we have the API filter and the authentication provider how do we inject everything together so that we can have a running demo and we know in order to configure the security part we need security config so we will also add a security config class basically a configuration file like this and this must be configuration and in the security cont config we need to configure the security filter chain so we will create security filter chain and this will have access to an object of HTTP security like this and then we need to configure the chain and we know how to do that we have already covered this bit in previous videoos okay so the first thing that we will do here we will disable the csrf because this is purely a backend application all right like this we need to throw the exception then we will call authorized requests and here we will say Au do any request do authenticated which simply means authenticate each and every request there are no exemptions all right now how do we tell Spring Security to use the filter we have to tell Spring Security that we have a new filter so you need to use that filter to do that we actually need to pass the filter manually so here it is and then because we are extending the abstract authenticated filter we need to pass the authentication manager as well and we will say set authentication manager and how do we get the authentication manager well we will inject the authentication manager we don't need to created from scratch it will be done by the framework we simply need to inject the authentication manager but the thing is as you know we have also created the custom authentication provider so we will assign this provider to the authentication manager and then we will inject the authentication manager here so that we know how to do that it's simple spring basically creating the beans using Java config so we will have a method in the same configuration class and uh we will return an authentication manager in this case which is nothing but an object of Provider manager and this authentication manager will have a collection of authentication providers in this case a single item so a Singleton list API key o provider and how do we get this API key o provider well we already have the Bean or the provider class we simply need to inject it that we can do here like this so we have the authentication manager this authentication manager is referring to the authentication provider that we created and this authentication manager is then passed to the filter and so we will have a valid filter now this is raising an error because yes we need to pass the authentication provider so instead of passing the parameter let me auto it like this now this is good okay so once we have the filter as I said we need to inject the filter and in the security config chain in the security filter chain there is a method add filter now you see there are various methods like let's say if you want to add a filter if you want to change the sequence so there are methods like add filter before before a particular filter add filter at as a at a location or add filter after basically add the custom filter after a predefined filter now in this case we will use add filter before so the first argument is the filter that we want to add and in this case this is nothing but our filter that we created and the before filter now this before filter is nothing but the same abstract filter that we are overriding so we want Spring Security to actually call our filter first before it calls the abstract filter all right like this and that completes the code so let's revisit what we did the first thing we did we created the filter all right and this filter is extending from the abstract filter and from this filter we are returning the principle which is basically basically the API key and we are getting the API Key by reading the header then we also created the custom authentication Provider by implementing the authentication provider interface and in the authenticate method we are simply getting the same principle which is the API key then we are calling this service basically to validate the key if the key is valid or not and in this method we are fetching The Key by owner from the Demi database and then we are simply using the password encoder to match the raw key and the encoder key all right then in the security config we are configuring the security filter chain we are disabling the csrf we are telling Spring Security to authenticate all the requests then we are adding the filter let me do undo and then we are adding the custom filter before the abstract filter all right and because this filter needs the authentication manager so we are simply creating an authentication manager by providing it the custom provider now if you are confused about authentication manager security filter chain and authentication provider I recommend you watch the first video which covered the Spring Security architecture where we covered these components these classes so we have the implementation ready let's start the back end and let's see if we can validate the key and if we can access the secure endpoint which is this grid controller okay so let me start the service and we are getting an exception that it could not find the custom provider and probably I know the reason reason let's go back to the custom provider we forgot to use The annotation at theate component that's why it's not able to inject the bean let's retry all right the service is up and if you notice it says that the global authentication manager configured with authentication provider being with name API key Au provider that means we are successfully injecting the custom authentication provider to the uh generic authentication manager now that this service is up let's go back to the postman and let me go to the new tab because that is going to be a get end point and it is / API SLG greet okay and since we are using the API key authentication so we need to set the correct authorization or the authentication mechanism and here we will select the API key and here you can see Postman is actually pre-populating the fields because I use them recently otherwise you will have to enter the custom key that you created or the header actually and you need to select the header from the dropdown and then you need to pass the key now in this case because I already have the dumi data so if you go back to the key store now here you can see I already have an encoded key for the user John so I'm going to use the same user which is John then the delimiter or the separator and then the key now this is the same key which I encoded using password encoder that you see see in the key store all right so we have everything ready let's hit the send button so here we got a 43 response that means for some reason the back end is not able to either validate the key or there is some problem with the authentication flow so let's check the logs and we don't see anything unusual in the logs so what we can do probably we can go to the security config and uh we know how to make some endpoints public or permit and one of them is basically the error endpoint so we want to see if there was any error and we will say permit all so let's restart so by default all the end points are authenticated so that means if let's say there is an error and it is redirected to the error end points then we won't be able to access it that's why we are permitting the error and point so that we can access or see any errors if occurred so the service is up let's go back to the postman and hit the same request and you see this time we are getting an error exception because we have now excluded it so this is still saying forbidden 403 and the path API greed now I know the key is a match because I generated the key basically the dummy key and encoded it using the bcrypt password encoder so that is a perfect match then it calls the provider it validates the key and then it Returns the token and if we check this token uh you see it is calling a method set authenticated and it is setting the authenticated status as false that is not what we want to do we want to set the successful authentication in this case so we need to call this Constructor and pass the authorities as well now in our case because there are no authorities it is open to all so we will pass the null now if you want to understand the authority we covered the roles and authorities in the previous video so you can check it out and I will restart the service so the server is up let's retry and this time you see we see the success response that you are allowed that means that was the missing thing actually in the implementation but otherwise the keys are matching if you pass a valid key it will be a match and so the access will be allowed now let's say if we change the owner in this case or basically the key so let's change the key instead of three let's change the last digit so you see by passing an invalid key we are getting a forbidden response again all right so that is the API key authentication in which we pass the API key as a custom header in the request then on this backend side we intercept the request we fetch the value from the header and then we pass it to the authentication provider which does the authentication now there's one last thing before we close so if you go back to the key store you might be thinking thinking how did we create this encoded key well for the demo it is pretty simple we know uh we need to use bcrypt encoder in order to encode a value so you can go to the main class actually and in the main method okay you can get the same password encoder Bean like this so for example you can get any custom uu ID random uuid Dot through string then you can actually do something like this you can use the bcrypt password and coder and you can call it send code method and pass it a key that's it and if I run this code it will simply give me the encoded key for this Rocky in the logs and I can simply reuse this okay so that's how you can create a dumy key for the demo so that's all on the API key authentication and in the next video we will cover WT thanks for watching
Original Description
Code - https://github.com/therealdumbprogrammer/api-key-auth-demo
Playlist - https://www.youtube.com/playlist?list=PLpxcSt9FGVVFqDPqI8m_F5SvDZTMbZ1YX
---------------------------------------------------------------------
In this video, we explore API key authentication and introduce the concept of pre-authentication—a powerful security pattern used to offload authentication to upstream services like API gateways or identity providers. We’ll discuss:
✅ What is Pre-Authentication?
✅ When and why you should use this pattern.
✅ How API key authentication works in real-world applications.
✅ Best practices for securing your APIs with API keys.
1) Generating and Storing Encrypted API Keys
2) Securing Endpoints with API Keys
3) Rotating and Revoking API Keys
🔔 Don’t forget to like, subscribe, and hit the bell icon to stay updated!
00:00 Intro
00:27 Pre Authentication
2:00 How API Keys work
3:48 Project Overview
7:25 Key Management Operations
11:37 API Key Authentication
13:00 API Key Auth Filter
16:25 Custom Authentication Provider
21:14 Implementing Key validation
23:35 Security Config
29:50 Testing the Project
34:23 Generating Dummy Key
-----------------------------------------------------------------
#springboot #springsecurity #security #java #programming #coding #https
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Playlist UUjEfGki6QSKs0mL6-h2pm3Q · TheCodeAlchemist · 12 of 50
1
2
3
4
5
6
7
8
9
10
11
▶
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#java threadlocal #coding #programming #education #softwareengineer #shorts
TheCodeAlchemist
ThreadLocal values #java #coding #codingtutorial #programming #programmer #education #shorts
TheCodeAlchemist
Immutable Design and Java Concurrency | Immutability Explained
TheCodeAlchemist
#java concurrency and immutability #coding #programming #100k #shorts #javaprogramming
TheCodeAlchemist
MASTER HTTP Basic Authentication in Spring Boot in Just 1 Hour | Step-by-Step Tutorial
TheCodeAlchemist
#springsecurity #java #coding #programming #springboot #education #javaprogramming #shorts
TheCodeAlchemist
Encoding passwords in #springsecurity #springboot #java #programming #coding #security
TheCodeAlchemist
#springboot #coding #springsecurity #shorts #java #programming
TheCodeAlchemist
SECURE Your App with Roles and Permissions in Spring Security!
TheCodeAlchemist
#springsecurity roles & permissions #java #programming #coding #shorts #springboot
TheCodeAlchemist
#java #springboot #spring #springsecurity #coding #programming #shorts
TheCodeAlchemist
Mastering Pre-Authentication with API Keys Like a PRO
TheCodeAlchemist
What is an Event Streaming Platform #kafka #java #coding #youtubeshorts
TheCodeAlchemist
#apachekafka #coding #code #java #javadevelopment #programming #youtubeshorts
TheCodeAlchemist
Running Kafka in KRaft Mode without Zookeeper
TheCodeAlchemist
#tutorial #kafka #coding #javadevelopment #java #programming #youtubeshorts
TheCodeAlchemist
Kafka Producer and Consumer with Java: Hands-On Tutorial
TheCodeAlchemist
How to Use Kafka Consumer Groups in Java | Beginner-Friendly Demo
TheCodeAlchemist
#kafka consumer groups #kafkatutorial #java #programming #coding #shorts #apachekafka
TheCodeAlchemist
Sticky vs Hash Partitioner in Kafka: Full Guide + Java Consumer Group Demo
TheCodeAlchemist
Step-by-Step Kafka Transactions Demo
TheCodeAlchemist
The DEVELOPER'S Guide to AI and ML: Fundamentals
TheCodeAlchemist
LLMs Explained: Tokens, Embeddings, and API Basics
TheCodeAlchemist
Your first OpenAI API App - Step-by-Step Guide
TheCodeAlchemist
#chatgpt #llm #openai #tutorial #technology #tech #programming
TheCodeAlchemist
JVM Bytecode Made Simple: Essential Concepts
TheCodeAlchemist
Master #java Bytecode #jvm #jvminternals #programming #coding #shorts
TheCodeAlchemist
#jvm operand #stack #explained #java #coding #programming
TheCodeAlchemist
JVM Internals: JVM Opcodes and Java ClassFile Explained
TheCodeAlchemist
Java Bytecode Deep Dive | What JVM Sees That You Don’t
TheCodeAlchemist
#java #bytecode constant pool #programming #coding #youtubeshorts
TheCodeAlchemist
Inside the JVM: Class Loading Explained
TheCodeAlchemist
Java Developers: You MUST Understand These 5 JVM Memory Areas
TheCodeAlchemist
User Signup with Email Verification 🔥 Spring Boot + Spring Security
TheCodeAlchemist
How to Build a Secure Password Reset Flow | Spring Security
TheCodeAlchemist
#springboot #springsecurity #passwordreset #java #programming #javadeveloper #programmingshorts
TheCodeAlchemist
JWT Simplified | What Developers Must Know About Token-Based Auth
TheCodeAlchemist
#jwt #security #springsecurity #springboot #java #programming #coding #codingtutorial #codingtips
TheCodeAlchemist
#jwt #jwtauthentication #authentication #security #websecurity #springsecurity #springboot #java
TheCodeAlchemist
Master Spring Security JWT in 1 Hour
TheCodeAlchemist
Want to Master Payment Processing? Watch This Now
TheCodeAlchemist
#paymentgateways #java #coding #programming
TheCodeAlchemist
#education #paymentgateways #payments #paypaltutorial #shorts #programming #programmingshorts
TheCodeAlchemist
Stripe Payments with Spring Boot | Full Hands-On Tutorial
TheCodeAlchemist
#paymentgateways with #springboot #java #coding #programmingshorts #programming
TheCodeAlchemist
#java #javacoding #coding #paymentgateways #payments #springboot #springboottutorial
TheCodeAlchemist
#java #coding #programming #jvm #codingtips #programmingshorts
TheCodeAlchemist
Can Spring Boot Apps Really Deploy in Minutes on Kubernetes?
TheCodeAlchemist
#java on #kubernetes with #springboot #programming #coding #programmingshorts
TheCodeAlchemist
Spring Boot + Postgres on Kubernetes | Cloud-Native Series
TheCodeAlchemist
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Learn Golang Step by Step: if, else if, else, and switch With Real Backend Examples
Medium · Programming
Dev Log: 2026-07-01
Dev.to · Nasrul Hazim Bin Mohamad
I built a native Android app in an afternoon, and I've never written a line of Kotlin
Dev.to · Tilde A. Thurium
Vibe Coding Is Real Now — Here’s How to Do It Without Wrecking Your Codebase
Medium · Programming
Chapters (12)
Intro
0:27
Pre Authentication
2:00
How API Keys work
3:48
Project Overview
7:25
Key Management Operations
11:37
API Key Authentication
13:00
API Key Auth Filter
16:25
Custom Authentication Provider
21:14
Implementing Key validation
23:35
Security Config
29:50
Testing the Project
34:23
Generating Dummy Key
🎓
Tutor Explanation
DeepCamp AI