@seapagan seapagan commented Jan 23, 2026

Summary

  • Add last_used_at field to ApiKey model to track when API keys are used
  • Update timestamp in ApiKeyAuth.__call__() on successful authentication
  • Expose field in ApiKeyResponse schema for security auditing
  • Add database migration for the new column
  • Add test to verify timestamp updates correctly

This enables identification of stale/unused API keys for security audits.

Closes SECURITY-REVIEW.md #23

Summary by CodeRabbit

  • New Features

    • API Keys now include a last usage timestamp that is automatically updated upon successful authentication.
    • The timestamp is exposed in API key responses for visibility and tracking.
  • Tests

    • Added test coverage verifying last usage timestamp updates during authentication.


Add `last_used_at` field to track when API keys are used for security
auditing. This enables identification of stale/unused API keys.

- Add `last_used_at` nullable datetime field to ApiKey model
- Update timestamp in `ApiKeyAuth.__call__()` on successful auth
- Expose field in `ApiKeyResponse` schema
- Add migration for the new column
- Add test to verify timestamp is updated

Closes SECURITY-REVIEW.md `#23`

coderabbitai bot commented Jan 23, 2026

Walkthrough

This pull request adds API key usage tracking by introducing a last_used_at timestamp field. The changes include a database migration, model field addition, authentication logic to update the timestamp on successful verification, schema exposure, and corresponding tests.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Database Schema: `app/migrations/versions/2026_01_23_2115-add_last_used_at_to_api_keys.py` | Alembic migration adds nullable DateTime column `last_used_at` to `api_keys` table with downgrade support. |
| Model & Response: `app/models/api_key.py`, `app/schemas/response/api_key.py` | ApiKey model field added for `last_used_at` timestamp; ApiKeyResponse schema exposes the new optional field. |
| Authentication Logic: `app/managers/api_key.py` | `ApiKeyAuth.__call__()` updated to set `last_used_at` to current UTC time after successful authentication. |
| Test Coverage: `tests/unit/test_api_key_auth.py` | New test verifies that successful API key authentication updates `last_used_at` from None to a timestamp value. |

Sequence Diagram

sequenceDiagram
    actor Client
    participant Auth as ApiKeyAuth
    participant DB as Database<br/>(api_keys)
    
    Client->>Auth: Request with API key
    Auth->>Auth: Validate API key
    Auth->>Auth: Set request.state.api_key
    Auth->>DB: Update last_used_at = now()
    DB-->>Auth: Timestamp updated
    Auth-->>Client: Authentication successful

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

security

Poem

🐰 A hop, a skip, and keys track time,
Last used moments marked so fine,
Authentication leaves its trace,
Timestamps dancing through cyberspace!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title clearly and concisely summarizes the main change: adding API key last usage timestamp tracking. It is specific, relevant, and reflects the primary objective of the changeset. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@codacy-production

Coverage summary from Codacy


| Coverage variation | Diff coverage |
|---|---|
| +0.00% (target: -1.00%) | 100.00% |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (a233ebc) | 2441 | 2441 | 100.00% |
| Head commit (51b894c) | 2445 (+4) | 2445 (+4) | 100.00% (+0.00%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#819) | 4 | 4 | 100.00% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


@seapagan seapagan self-assigned this Jan 23, 2026
@seapagan seapagan added the enhancement New feature or request label Jan 23, 2026
@seapagan seapagan merged commit 5149544 into main Jan 23, 2026
18 checks passed
@seapagan seapagan deleted the feature/api-key-last-used-tracking branch January 23, 2026 21:40
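
One way to run the stale-key audit the PR description mentions against the new `last_used_at` column, as an added example that is not code from this pull request; `KeyRecord`, `name`, `created_at`, `tracking_since` and the 90-day threshold are assumptions. Because the column is nullable and arrives via a migration, NULL on a key that predates the migration only means "not seen since tracking began", so the example measures from the later of key creation and rollout.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class KeyRecord:
    """Constructed stand-in for an api_keys row; only last_used_at is from the PR."""
    name: str                         # assumed column
    created_at: datetime              # assumed column
    last_used_at: Optional[datetime]  # nullable; set on successful authentication


def _utc(ts: datetime) -> datetime:
    """Normalise to aware UTC; naive values (common from DB drivers) are taken as UTC."""
    return ts.replace(tzinfo=timezone.utc) if ts.tzinfo is None else ts.astimezone(timezone.utc)


def audit_keys(keys, now, tracking_since, stale_after=timedelta(days=90)):
    """Bucket key names by usage evidence; tracking_since is when the column went live."""
    now, tracking_since = _utc(now), _utc(tracking_since)
    report = {"active": [], "stale": [], "never_seen": [], "undetermined": []}
    for key in keys:
        if key.last_used_at is not None:
            idle = now - _utc(key.last_used_at)
            bucket = "stale" if idle > stale_after else "active"
        else:
            # NULL only proves no use since the later of creation and rollout.
            observed_from = max(_utc(key.created_at), tracking_since)
            bucket = "never_seen" if now - observed_from > stale_after else "undetermined"
        report[bucket].append(key.name)
    return report


# Constructed sample data, not taken from the project.
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)
TRACKING_SINCE = datetime(2026, 1, 23, 21, 40, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    KeyRecord("ci-deploy", datetime(2025, 3, 1), datetime(2026, 5, 30, 8, 0)),
    KeyRecord("old-integration", datetime(2025, 1, 10), datetime(2026, 2, 2, 12, 0)),
    KeyRecord("legacy-script", datetime(2024, 11, 5), None),
    KeyRecord("new-service", datetime(2026, 5, 20, tzinfo=timezone.utc), None),
]

if __name__ == "__main__":
    for bucket, names in audit_keys(SAMPLE_KEYS, NOW, TRACKING_SINCE).items():
        print(f"{bucket}: {names}")
```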