Make variable unique for each user https server

I currently have a variable api which initiates a struct with methods to communicate with a API. Some methods require API keys, some not.

    // Connect with API.
    let api : api::binance::Binance = ExchangeAPI::new(
        config::REST_API_URL.as_str(),
        config::WEBSOCKET_API_URL.as_str(),
        config::WEBSOCKET_STREAM_URL.as_str(),
        config::EXCHANGE_API_KEY.as_str(),
        config::EXCHANGE_API_SECRET.as_str(),
    );
    let api = Arc::new(api);

    // Spawn process to handle incoming streams.
    loop {
        // Stream for HTTP.
        let (mut stream, _) = server.accept().await.unwrap();

        let cloned_client = client.clone();
        let cloned_api = api.clone();

        tokio::spawn(async move {
            if let Err(e) = http::process(&mut stream, cloned_client, cloned_api).await {
                eprintln!("Error: {}", e);
            }
        });
    }

This variable gets passed to the rest of my app which is basically a basic HTTP server.

The problem: Each user can have different API keys, but the variable api is the same for each user when I modify it, no?

What is the best way to bind this variable to the session of the user?

The current solution I am thinking of is making a lazy_static hashmap and insert the session of the user together with the API variable in it.

Is there a better solution? How does e.g Actix-web does this?

Hi @ONiel,

What I have seen, and what I have used ( with Google API ), is that the server issued an authenticated user a token, such as a JSON Web Token, and the user session must remember this token.

Next time access, it needs to send this token along in the request, for example, in the Authorization header. The server looks for this token and authenticate the request in order to grant access.

The last Google API I have used is Text To Speech API, Google issues a credential file in JSON format, which we need to include everytime we access the API.

Best regards,

...behai.

1 Like

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.