Description
Currently, database and strategy APIs lack a standardized authentication mechanism. The only existing workaround relies on environment variables (e.g., as Snyk does), which is not a scalable or maintainable approach — especially when managing multiple integrations with different auth schemes.
Proposed Solution
Introduce a dedicated ApiCredential class (or equivalent abstraction) to handle authentication in a structured, reusable way. This would support common authentication strategies, including:
- Basic Auth – username/password encoded credentials
- Bearer Token – Authorization header with a token
- API Key – Header or query param-based key injection
- Custom / Extensible – Allow users to define their own auth strategy if needed
Reference Implementation
A solid pattern already exists here that could serve as inspiration or a direct starting point:
👉 ApiCredential.class.ts – OpenAlly/loki
Why Not Just ENV Variables?
- Tightly couples configuration to the runtime environment
- Makes it harder to support multiple simultaneous integrations with different credentials
- Not portable across different deployment contexts (CI, local dev, production)
- Doesn't scale when adding new database/strategy providers
Expected Outcome
A clean, typed API credential abstraction that can be passed into database/strategy configurations, replacing ad-hoc ENV-based auth with a first-class, composable authentication layer.
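One possible shape for the abstraction proposed above, as an added example that is not part of the original issue and not the OpenAlly/loki code. The `AuthStrategy` union, `RequestParts` type, `apply` method and helper names are all assumptions; the secret is held in a closure so that serializing or logging a credential does not expose it.

```typescript
// Added example: a hypothetical ApiCredential, not the OpenAlly/loki implementation.
type RequestParts = { headers: Record<string, string>; query: Record<string, string> };

type AuthStrategy =
  | { type: "basic"; username: string; password: string }
  | { type: "bearer"; token: string }
  | { type: "apiKey"; name: string; value: string; in: "header" | "query" }
  | { type: "custom"; apply: (req: RequestParts) => RequestParts };

// Node's Buffer, reached via globalThis so this compiles without @types/node.
const toBase64 = (s: string): string =>
  (globalThis as any).Buffer.from(s, "utf8").toString("base64");

// CR/LF in a header value would let a credential smuggle extra headers.
function headerSafe(value: string): string {
  if (/[\r\n]/.test(value)) throw new Error("credential contains CR or LF");
  return value;
}

class ApiCredential {
  readonly type: AuthStrategy["type"];
  // The secret lives only in this closure, so JSON.stringify() and
  // console.log() on an instance never include it.
  readonly apply: (req: RequestParts) => RequestParts;

  constructor(s: AuthStrategy) {
    this.type = s.type;
    if (s.type === "basic" && /:/.test(s.username)) {
      throw new Error("basic auth username must not contain ':' (RFC 7617)");
    }
    this.apply = (req) => {
      // Copy, so one credential never mutates a request shared with another.
      const headers = { ...req.headers };
      const query = { ...req.query };
      switch (s.type) {
        case "basic":
          headers["Authorization"] = `Basic ${toBase64(`${s.username}:${s.password}`)}`;
          break;
        case "bearer":
          headers["Authorization"] = `Bearer ${headerSafe(s.token)}`;
          break;
        case "apiKey":
          if (s.in === "header") headers[s.name] = headerSafe(s.value);
          else query[s.name] = s.value;
          break;
        case "custom":
          return s.apply({ headers, query });
      }
      return { headers, query };
    };
  }
}
```

Each database or strategy configuration can then receive its own `ApiCredential` instance, which is what allows several integrations with different auth schemes to coexist in one process.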