Introduction

KeyHippo extends Postgres Row Level Security (RLS), allowing API keys to operate under the same precise access controls as session-based authentication. Instead of creating separate security models for different access methods, KeyHippo ensures that API keys and session tokens alike are evaluated by the same RLS policies, making API key management simple, consistent, and secure.

Each API key is cryptographically generated and securely evaluated within the RLS framework, eliminating the need for additional custom logic to manage key permissions. Whether you’re using session tokens or API keys, KeyHippo ensures that your access control policies remain centralized and consistent across your entire system.

KeyHippo also integrates seamlessly with PostgREST, enabling API keys to be used directly in Postgres queries while relying on the same RLS policies. This reduces the complexity of your API design and simplifies the security model, ensuring that access control is enforced at the database level.

​

KeyHippo Solves Common Challenges

1. Unified API Key and RLS Policies: KeyHippo allows API keys to authenticate users and enforce the same fine-grained access control defined by your RLS policies. Instead of creating parallel security structures, KeyHippo extends RLS to support both session tokens (via JWTs) and API keys seamlessly.

   • Example: You can write a single RLS policy that grants access based on either auth.uid() (session) or auth.keyhippo_check() (API key), ensuring consistent access control across different authentication methods.

2. Preserving Postgres-Level Security: Many developers attempt to manage API key permissions at the application layer, often introducing security gaps or inconsistencies. KeyHippo eliminates this risk by integrating API key authentication directly into Postgres, so API key access is governed by the same security policies as session tokens, ensuring consistency and security.

3. Seamless Integration with PostgREST: KeyHippo works directly with PostgREST, allowing you to issue API keys and use them in Postgres requests with minimal overhead. Because the same RLS policies apply to both API keys and session tokens, you can avoid writing custom API routes to handle access control, reducing both complexity and maintenance.

​

Other Solutions

1. Custom Server-Side Logic

   • Pros: Full control over implementation
   • Cons: Time-consuming, potential security vulnerabilities, difficult to maintain
   • KeyHippo Advantage: Uses proven RLS policies in Postgres, removing the need for duplicating security logic at the application level.

2. Simple Database Table of API Keys

   • Pros: Easy to implement
   • Cons: Lacks scalability, requires custom logic to handle security
   • KeyHippo Advantage: Scales automatically with your application, leveraging Postgres’s built-in RLS for secure, scalable API key management.

3. JWT-Based Solutions

   • Pros: Stateless, supports claims
   • Cons: Complex to implement securely, prone to mistakes if not managed carefully
   • KeyHippo Advantage: Combines the simplicity of API key issuance with the security of JWTs, ensuring consistency with Postgres-level security.

​

Flagship Features

​

Getting Started

To begin integrating KeyHippo into your Supabase project, follow these steps:

KeyHippo provides a simple, secure, and scalable approach to API key management that integrates seamlessly with Postgres Row Level Security, ensuring consistent, fine-grained control over data access.