Skip to content

✨ API Keys & Webhooks #88

New issue
New issue
Open
Open
✨ API Keys & Webhooks#88
Labels
enhancementNew feature or request
@fusion94

Description

@fusion94
fusion94
opened on Mar 11, 2026

Summary

Add API key management and webhook subscription capabilities to enable programmatic access and external tool integrations. Currently, there is no way to interact with the system outside of the web UI.

Motivation

Power users and organizations want to integrate their inventory system with external tools — home automation, spreadsheet syncs, notification services, or custom scripts. API keys provide secure programmatic access, while webhooks enable real-time event-driven integrations without polling. This transforms Armory Core from a standalone app into an extensible platform.

Proposed Implementation

  • Create an api_keys DB table (id, user_id, key_hash, name, permissions, last_used_at, created_at, revoked_at)
  • Create a webhooks DB table (id, user_id, url, events, secret, active, created_at)
  • Create a webhook_deliveries DB table (id, webhook_id, event, payload, response_code, delivered_at, retry_count)
  • Add API key management UI in user settings (create, list, revoke)
  • Implement API key authentication middleware (Bearer token or X-API-Key header)
  • Add webhook subscription management UI (create, edit, delete, test)
  • Support webhook events: item.created, item.updated, item.deleted, item.low_stock
  • Implement webhook delivery with retry logic (exponential backoff, max 3 retries)
  • Add webhook delivery log viewable per subscription
  • Generate secure API keys and webhook secrets using crypto

Acceptance Criteria

  • Users can create, list, and revoke API keys from settings
  • API key authentication works via Bearer token or X-API-Key header
  • API keys have configurable permissions (read-only vs read-write)
  • Users can create webhook subscriptions for specific events
  • Webhooks fire on item.created, item.updated, item.deleted, and item.low_stock events
  • Webhook deliveries include retry logic with exponential backoff
  • Webhook delivery log shows status, response codes, and retry attempts
  • Test webhook button sends a sample payload to verify the endpoint
  • API keys are stored as hashes (never in plaintext)

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions